[DRIVERS-1654] Investigate changes in PM-2192: Deprecate authentication as multiple simultaneous users Created: 08/Apr/21  Updated: 27/May/22  Resolved: 19/Apr/21

Status: Closed
Project: Drivers
Component/s: None
Fix Version/s: None

Type: Epic Priority: Major - P3
Reporter: Backlog - Core Eng Program Management Team Assignee: Unassigned
Resolution: Won't Do Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Driver Changes: Needed
Server Compat: 5.0

 Description   
Downstream Change Summary

This project will deprecate the concept of simultaneously authenticating as multiple users on a single connection, with the intent to remove that feature in the future. To aid with deprecation, work done in this project will prevent that feature from being used in APIVersion 1.

Description of Linked Ticket

Epic Summary

Summary

This project will deprecate the ability for clients to authenticate to MongoDB as multiple users, with the intent to remove it in the next LTS release of the product.

Motivation

Historically, administrators were expected to create distinct sets of users in different databases, and delegate management responsibilities to per-database user administrators. To support this functionality, it has been possible to authenticate as two separate users from two different databases simultaneously. Clients authenticated as two users would possess the union of privileges possessed by both users.
Clients no longer take advantage of this behaviour. For each connection they establish, compliant drivers authenticate exactly once using credentials provided in their configuration, which precludes multi-user authentication. Drivers automatically create implicit Logical Sessions which are incompatible with multi-user authentication. Attempting to use both features at the same time will result in an error.
Support for multi-user authentication complicates the server's authorization logic, and makes it harder for implementers of the server's wire protocol to understand the authorization model. We should deprecate this behaviour with the intent to remove it in an upcoming release.

Cast of Characters

  • Product Owner:
  • Project Lead:
  • Program Manager:
  • Drivers Contact:

Documentation

Scope Document
Technical Design Document


Generated at Thu Feb 08 08:23:47 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.