[SERVER-10963] Fix required privileges for aggregation with $out. Created: 30/Sep/13  Updated: 11/Jul/16  Resolved: 08/Nov/13

Status: Closed
Project: Core Server
Component/s: Aggregation Framework, Security
Affects Version/s: None
Fix Version/s: 2.5.4

Type: Bug Priority: Major - P3
Reporter: Andy Schwerin Assignee: Spencer Brody (Inactive)
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Gantt Dependency
Operating System: ALL
Participants:

 Description   

While the implementation of $out involves creating a temporary collection and creating indexes thereon, the end effect is equivalent to doing inserts and removes on the target collection. Therefore, it seems that the correct privileges for the $out target namespace, "target" are ActionType::remove and ActionType::insert, only. Since create-collection is implicit in ActionType::insert, those should be sufficient privileges.



 Comments   
Comment by auto [ 08/Nov/13 ]

Author:

{u'username': u'stbrody', u'name': u'Spencer T Brody', u'email': u'spencer@10gen.com'}

Message: SERVER-10963 Remove unnecessary privilege requirements from aggregation
Branch: master
https://github.com/mongodb/mongo/commit/27ab5af194c5702c41bea72e75274935dd8519e8

Comment by David Storch [ 22/Oct/13 ]

Once fixed, the tests being written as part of QA-341 should be updated accordingly.

Generated at Thu Feb 08 03:24:30 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.