[SERVER-11295] Encode "anyAction" in a future-proof way Created: 21/Oct/13 Updated: 30/Oct/15 Resolved: 22/Oct/13 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | 2.5.3 |
| Fix Version/s: | 2.5.4 |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Spencer Brody (Inactive) | Assignee: | Spencer Brody (Inactive) |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||
| Backwards Compatibility: | Fully Compatible | ||||
| Participants: | |||||
| Description |
|
Currently when you get the actions associated with the internal user, you get back a list of every action defined in the server. In the future, if we add actions to the system, this could break in a mix-ed mode scenario, namely if mongos is running a new version with new actions, and the config servers are still running an old version of mongod without those actions. In that case, the system may think the internal user lacks the required privileges to perform the new actions. Instead, when asking for the privileges of the internal user, you should get back a list of actions with just one element "anyAction" that will unambiguously mean every single action. |
| Comments |
| Comment by auto [ 22/Oct/13 ] |
|
Author: {u'username': u'stbrody', u'name': u'Spencer T Brody', u'email': u'spencer@10gen.com'}Message: |
| Comment by David Storch [ 22/Oct/13 ] |
|
Once this ticket is resolved, tests being written as part of QA-341 need to be updated accordingly. |