[SERVER-10944] Prevent granting users roles on $external database
Created: 27/Sep/13  Updated: 30/Oct/15  Resolved: 11/Nov/13

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: 2.5.4

Type: Bug
Priority: Major - P3
Reporter: Spencer Brody (Inactive)
Assignee: Spencer Brody (Inactive)
Resolution: Done
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Operating System: ALL
Participants:

 Description   

Currently this works:

use $external
db.addUser({ user: "spencer",
             roles: ['userAdmin', 'readWrite'] });

but the "readWrite@$external" role doesn't really make sense and doesn't actually allow you to do anything.



 Comments   
Comment by auto [ 11/Nov/13 ]

Author: Spencer T Brody (stbrody) <spencer@10gen.com>

Message: SERVER-10944 Prevent creating and granting roles on the $external database
Branch: master
https://github.com/mongodb/mongo/commit/b3af50b16b97b1db9711e8fa8ece33d3e001566b

Comment by Andy Schwerin [ 15/Oct/13 ]

But you might define other, non-system roles on $external. Is this really about prohibiting the granting of system roles on $external?
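
An added example, not part of the ticket or of the MongoDB code base: one way to audit existing user documents for role grants scoped to $external, covering both the bare string roles from the description and { role, db } role objects, and separating built-in role names from user-defined ones as the last comment does. The document shape, the built-in role subset, the function names and the sample users are assumptions constructed for illustration.

```javascript
// Added example: audit user documents for role grants scoped to "$external".
// Assumed document shape: { user, db, roles }, where each role is either a
// bare string (scoped to the user's own database, as in the ticket's
// db.addUser call) or an object { role, db }.

// Illustrative subset of built-in per-database role names (assumption).
const BUILTIN_DB_ROLES = new Set(["read", "readWrite", "dbAdmin", "userAdmin"]);

// Normalize one role entry to { role, db }.
function normalizeRole(entry, userDb) {
  if (typeof entry === "string") return { role: entry, db: userDb };
  return { role: entry.role, db: entry.db };
}

// Return one finding per role grant whose scope is the $external database.
function findExternalScopedRoles(userDocs) {
  const findings = [];
  for (const doc of userDocs) {
    for (const entry of doc.roles || []) {
      const r = normalizeRole(entry, doc.db);
      if (r.db !== "$external") continue;
      findings.push({
        user: doc.user + "@" + doc.db,
        role: r.role + "@" + r.db,
        builtin: BUILTIN_DB_ROLES.has(r.role),
      });
    }
  }
  return findings;
}

// Constructed sample data (not taken from a real deployment).
const SAMPLE_USERS = [
  // The ticket's case: string roles on a user created in $external.
  { user: "spencer", db: "$external", roles: ["userAdmin", "readWrite"] },
  // An externally authenticated user whose role targets a real database.
  { user: "alice", db: "$external", roles: [{ role: "read", db: "reports" }] },
  // A user-defined role name scoped to $external, the case raised in the comments.
  { user: "bob", db: "admin", roles: [{ role: "appAuditor", db: "$external" }] },
];

for (const f of findExternalScopedRoles(SAMPLE_USERS)) {
  console.log(f.user, "holds", f.role, f.builtin ? "(built-in)" : "(user-defined)");
}
```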
