[SERVER-10963] Fix required privileges for aggregation with $out. Created: 30/Sep/13 Updated: 11/Jul/16 Resolved: 08/Nov/13 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Aggregation Framework, Security |
| Affects Version/s: | None |
| Fix Version/s: | 2.5.4 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Andy Schwerin | Assignee: | Spencer Brody (Inactive) |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||
| Operating System: | ALL | ||||
| Participants: | |||||
| Description |
|
While the implementation of $out involves creating a temporary collection and creating indexes thereon, the end effect is equivalent to doing inserts and removes on the target collection. Therefore, it seems that the correct privileges for the $out target namespace, "target" are ActionType::remove and ActionType::insert, only. Since create-collection is implicit in ActionType::insert, those should be sufficient privileges. |
| Comments |
| Comment by auto [ 08/Nov/13 ] |
|
Author: {u'username': u'stbrody', u'name': u'Spencer T Brody', u'email': u'spencer@10gen.com'}Message: |
| Comment by David Storch [ 22/Oct/13 ] |
|
Once fixed, the tests being written as part of QA-341 should be updated accordingly. |