|
Even if we aren't running with --auth, we should still have all operations run through the authorization checking code, to make us have more consistent behavior between running with and without security enabled.
At first, if security is disabled you should be automatically granted full privileges like what the __system user has, which is equivalent to the access you currently get when authorization checking is disabled. Eventually we could make the default privileges resemble those of the "root" role rather than the __system role so that the authorization system could be used for restricting certain user actions (for example direct modifications to admin.system.users) even if they don't want to set up security on their system.
|