[SERVER-11343] Change chunk manipulation commands to require privileges on the sharded collection rather than the cluster resource Created: 23/Oct/13  Updated: 30/Oct/15  Resolved: 06/Nov/13

Status: Closed
Project: Core Server
Component/s: Security, Sharding
Affects Version/s: None
Fix Version/s: 2.5.4

Type: Improvement Priority: Major - P3
Reporter: Spencer Brody (Inactive) Assignee: Spencer Brody (Inactive)
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Participants:

 Description   

Currently, commands for manipulating sharding information about a collection (shardCollection, moveChunk, splitChunk, etc.) require privileges on the cluster resource. This means that you can only grant users the ability to shard all collections or none, there's no way to say you can shard collections in this db but not collections in this other db. If we change the access control checks in these commands to use the namespace as the target, this should be easy to fix.



 Comments   
Comment by Spencer Brody (Inactive) [ 06/Nov/13 ]

https://github.com/mongodb/mongo/commit/68c52f54dc4d81673b01c9964dfec3eed10de5a0

Generated at Thu Feb 08 03:25:32 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.