[SERVER-13699] authorization checks should always happen, even when security is disabled Created: 23/Apr/14  Updated: 06/Dec/22

Status: Backlog
Project: Core Server
Component/s: Internal Code, Security
Affects Version/s: 2.6.0
Fix Version/s: None

Type: Task Priority: Major - P3
Reporter: Spencer Brody (Inactive) Assignee: Backlog - Security Team
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Tested
Assigned Teams:
Server Security
Participants:

Description

Even if we aren't running with --auth, we should still have all operations run through the authorization checking code, to make us have more consistent behavior between running with and without security enabled.
At first, if security is disabled you should be automatically granted full privileges like what the __system user has, which is equivalent to the access you currently get when authorization checking is disabled. Eventually we could make the default privileges resemble those of the "root" role rather than the __system role so that the authorization system could be used for restricting certain user actions (for example direct modifications to admin.system.users) even if they don't want to set up security on their system.
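
A sketch of the design described above, added here as an illustration and not taken from the MongoDB code base: every operation calls the same check, and running without --auth only changes which implicit privilege set a session starts with. All type and function names are hypothetical, and the root-like set is assumed to deny only direct writes to admin.system.users, the one example the ticket names.

```cpp
#include <functional>
#include <string>
#include <utility>

// Hypothetical model; none of these names are MongoDB's internal API.
enum class Action { kFind, kInsert, kUpdate, kRemove };

struct Resource {
    std::string db;
    std::string coll;
};

// A privilege set is modelled as a predicate over (resource, action).
using PrivilegeSet = std::function<bool(const Resource&, Action)>;

// First stage in the ticket: full access, like the __system user.
inline bool systemLike(const Resource&, Action) { return true; }

// Later stage in the ticket: root-like defaults. Assumption: the only
// restriction modelled is direct writes to admin.system.users.
inline bool rootLike(const Resource& r, Action a) {
    const bool userStore = r.db == "admin" && r.coll == "system.users";
    return !(userStore && a != Action::kFind);
}

// Starting point for a connection that has not logged in yet.
inline bool denyAll(const Resource&, Action) { return false; }

class AuthorizationSession {
public:
    // authEnabled mirrors running with --auth; implicitDefault is what a
    // session receives automatically when it is off.
    AuthorizationSession(bool authEnabled, PrivilegeSet implicitDefault)
        : _granted(authEnabled ? PrivilegeSet(denyAll)
                               : std::move(implicitDefault)) {}

    // Called after a successful login when --auth is on.
    void grant(PrivilegeSet p) { _granted = std::move(p); }

    // The single check every operation goes through. There is no
    // "auth is off, skip the check" branch on the operation path.
    bool isAuthorizedFor(const Resource& r, Action a) const {
        return _granted(r, a);
    }

private:
    PrivilegeSet _granted;
};
```

Switching the implicit default from `systemLike` to `rootLike` is the only change needed to move from the first stage to the later one, because the call sites never branch on whether security is enabled.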

