[SERVER-10243] Let administrators mark certain users to be pinned to the user cache Created: 17/Jul/13  Updated: 06/Dec/22

Status: Backlog
Project: Core Server
Component/s: Concurrency, Security
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Major - P3
Reporter: Spencer Brody (Inactive) Assignee: Backlog - Security Team
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
depends on SERVER-9518 Keep ephemeral copies of role and use... Closed
Duplicate
is duplicated by SERVER-10349 Version 2.2.. You cannot connect to m... Closed
Related
related to SERVER-10128 killop.js failed on buildbot-special ... Closed
Assigned Teams:
Server Security
Backwards Compatibility: Fully Compatible
Participants:

 Description   

With SERVER-9518, users stored in a server's user cache can be authenticated without taking a database lock or performing network operations. By marking certain users as "pinned" to the cache, we can guarantee that even when the database locks are wedged those users can still log into the system.

Proposal: Add an optional field, "critical", which when true marks the user as one that should be pinned to the user cache at startup.

Alternative: Define a system role, possession of which marks the user as one that should be pinned to the user cache at startup. This approach implies that you would have to resolve indirect roles for users when choosing which ones to pin.



 Comments   
Comment by Spencer Brody (Inactive) [ 17/Jul/13 ]

Note: re-enable killop.js in auth passthrough tests after this has been fixed.

Generated at Thu Feb 08 03:22:40 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.