[SERVER-11295] Encode "anyAction" in a future-proof way Created: 21/Oct/13  Updated: 30/Oct/15  Resolved: 22/Oct/13

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: 2.5.3
Fix Version/s: 2.5.4

Type: Task Priority: Major - P3
Reporter: Spencer Brody (Inactive) Assignee: Spencer Brody (Inactive)
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Gantt Dependency
Backwards Compatibility: Fully Compatible
Participants:

 Description   

Currently when you get the actions associated with the internal user, you get back a list of every action defined in the server.

In the future, if we add actions to the system, this could break in a mix-ed mode scenario, namely if mongos is running a new version with new actions, and the config servers are still running an old version of mongod without those actions. In that case, the system may think the internal user lacks the required privileges to perform the new actions.

Instead, when asking for the privileges of the internal user, you should get back a list of actions with just one element "anyAction" that will unambiguously mean every single action.



 Comments   
Comment by auto [ 22/Oct/13 ]

Author:

{u'username': u'stbrody', u'name': u'Spencer T Brody', u'email': u'spencer@10gen.com'}

Message: SERVER-11295 Encode 'anyAction' in a future-proof way
Branch: master
https://github.com/mongodb/mongo/commit/483df488c35c0058e5eea1e9af90ecde77d57a29

Comment by David Storch [ 22/Oct/13 ]

Once this ticket is resolved, tests being written as part of QA-341 need to be updated accordingly.

Generated at Thu Feb 08 03:25:24 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.