[SERVER-10228] Deprecate GodScope/God Mode Created: 16/Jul/13  Updated: 06/Dec/22

Status: Backlog
Project: Core Server
Component/s: Internal Code
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Major - P3
Reporter: Andy Schwerin Assignee: Backlog - Query Execution
Resolution: Unresolved Votes: 0
Labels: neweng
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
related to SERVER-17419 Remove DBDirectClient class Closed
Assigned Teams:
Query Execution
Participants:

 Description   

The existence of "God mode"complicates the mongod security story.

Internal worker threads not acting directly on behalf of clients can use the following code to grant their client object full privileges.

cc()->getAuthorizationSession()->grantInternalAuthorization(
        UserName("threadName", "local"));

The other uses are the main() thread during startup and the authorization session code for looking up and manipulating user documents as part of user management commands. The main thread can use internal authorization, so that just leaves the user management code.



 Comments   
Comment by Andy Schwerin [ 09/Mar/15 ]

This task may be naturally subsumed by SERVER-17419.

Comment by Githook User [ 04/Aug/14 ]

Author:

{u'username': u'stbrody', u'name': u'Spencer T Brody', u'email': u'spencer@mongodb.com'}

Message: SERVER-10228 SERVER-14779 Add isGod() method to OperationContext; remove isGod method from ReplicationCoordinatorExternalState
Branch: master
https://github.com/mongodb/mongo/commit/e42f601194d67cfbde44bfcfb33af8284e68ecc3

Comment by auto [ 19/Jul/13 ]

Author:

{u'username': u'andy10gen', u'name': u'Andy Schwerin', u'email': u'schwerin@10gen.com'}

Message: SERVER-10228 Use internal user authorization instead of GodScope in index rebuilder thread.
Branch: master
https://github.com/mongodb/mongo/commit/366e3e92f6335720fb9a9e588a3e093cda3415f5

Comment by auto [ 17/Jul/13 ]

Author:

{u'username': u'andy10gen', u'name': u'Andy Schwerin', u'email': u'schwerin@10gen.com'}

Message: SERVER-10228 Use internal user authorization instead of GodScope in ttl thread.
Branch: master
https://github.com/mongodb/mongo/commit/0b1e95f481a82892f2df30c9ae0cdd1b485c9057

Comment by auto [ 17/Jul/13 ]

Author:

{u'username': u'andy10gen', u'name': u'Andy Schwerin', u'email': u'schwerin@10gen.com'}

Message: SERVER-10228 Use internal user authorization instead of GodScope in the slave tracking thread.
Branch: master
https://github.com/mongodb/mongo/commit/18681a8276159d24418f5b8c4d64621de837839c

Generated at Thu Feb 08 03:22:37 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.