[SERVER-17438] Provide a method to create replicated users that work only with certain members of a replica set Created: 02/Mar/15  Updated: 04/Jun/18  Resolved: 10/May/18

Status: Closed
Project: Core Server
Component/s: Replication, Security
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Minor - P4
Reporter: David Hows Assignee: Spencer Jackson
Resolution: Done Votes: 1
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   

Provide a method to create replicated users that work only with certain members of a replica set.

Example: I have a 5-member replica set (M0-M4), with M3 and M4 being lower-powered reporting members.

I wish to create a user that will only allow the end user to authenticate to M3 and M4 as we have a requirement that reporting users are only allowed to connect to the reporting secondaries.



 Comments   
Comment by Spencer Jackson [ 10/May/18 ]

I believe this functionality can be achieved with IP whitelisting, assuming that the nodes have static IPs. To obtain this behavior, one may attach an authentication restriction to a user document with a serverAddress containing the IP address of the node the user should be able to authenticate on. For future proofing, one could delegate the different classes of nodes to different subnets, and define the serverAddress on the subnet's CIDR range.
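
The restriction described in the comment above, as an added example (not part of the ticket and not MongoDB's own code): it builds a `createUser` document carrying a `serverAddress` restriction and models, for IPv4 only, which members would accept the login. The member addresses, the subnet, the user name and the `read` role on a `reporting` database are constructed assumptions.

```javascript
// Constructed layout: M0-M2 on 10.0.1.0/24, reporting nodes M3-M4 on 10.0.2.0/24.
const MEMBERS = { M0: "10.0.1.10", M1: "10.0.1.11", M2: "10.0.1.12",
                  M3: "10.0.2.13", M4: "10.0.2.14" };
const REPORTING_SUBNET = "10.0.2.0/24";

// Document for db.createUser(); serverAddress takes IPs and/or CIDR ranges.
function reportingUserDoc(user, pwd, serverAddresses) {
  return {
    user, pwd,
    roles: [{ role: "read", db: "reporting" }],            // assumed role and database
    authenticationRestrictions: [{ serverAddress: serverAddresses }],
  };
}

// Dotted-quad IPv4 string -> unsigned 32-bit integer.
function ipv4ToInt(ip) {
  const parts = ip.split(".");
  if (parts.length !== 4 || !parts.every(p => /^\d{1,3}$/.test(p) && Number(p) <= 255)) {
    throw new Error("not an IPv4 address: " + ip);
  }
  return parts.reduce((acc, p) => ((acc << 8) | Number(p)) >>> 0, 0);
}

// True if ip equals the entry (plain address) or falls inside it (CIDR range).
function inRange(ip, entry) {
  const [base, bitsStr] = entry.split("/");
  const bits = bitsStr === undefined ? 32 : Number(bitsStr);
  const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  return ((ipv4ToInt(ip) & mask) >>> 0) === ((ipv4ToInt(base) & mask) >>> 0);
}

// Local model of the check: a login passes if at least one restriction document
// is satisfied. Only serverAddress (the address the node accepted the connection
// on) is modelled here; clientSource is ignored.
function mayAuthenticateOn(userDoc, nodeAddress) {
  const restrictions = userDoc.authenticationRestrictions || [];
  if (restrictions.length === 0) return true;
  return restrictions.some(r =>
    !r.serverAddress || r.serverAddress.some(e => inRange(nodeAddress, e)));
}

function allowedMembers(userDoc) {
  return Object.keys(MEMBERS).filter(m => mayAuthenticateOn(userDoc, MEMBERS[m]));
}

const reportUser = reportingUserDoc("report_ro", "<password-placeholder>", [REPORTING_SUBNET]);
console.log(allowedMembers(reportUser));
// In mongosh, on the primary: db.getSiblingDB("admin").createUser(reportUser)
```

Because the check is against the address the connection was accepted on, clients must reach each node by an address in the list; a node that is also reachable through another interface or a NAT address will not match.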
