[SERVER-11827] Allow user defined roles on non-admin databases to grant permission for users to change their own passwords Created: 22/Nov/13 Updated: 01/Jul/14 Resolved: 22/Nov/13 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security, Usability |
| Affects Version/s: | 2.5.4 |
| Fix Version/s: | 2.5.5 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Spencer Brody (Inactive) | Assignee: | Spencer Brody (Inactive) |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Backwards Compatibility: | Minor Change | ||||||||
| Operating System: | ALL | ||||||||
| Participants: | |||||||||
| Description |
|
Currently the "changeOwnPassword" action needs to be granted to the cluster resource to be effective in allowing a user to change their own password. But roles on non-admin dbs can't have privileges on the cluster resource. Instead, permission to change one's own password should be based on the possession of changeOwnPassword on the database resource for the database the user is defined on. |
| Comments |
| Comment by Githook User [ 22/Nov/13 ] |
|
Author: {u'username': u'stbrody', u'name': u'Spencer T Brody', u'email': u'spencer@10gen.com'}Message: |