[SERVER-17513] Ability to define a global role that can be used in database context Created: 09/Mar/15 Updated: 06/Dec/22 |
|
| Status: | Open |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | None |
| Fix Version/s: | features we're not sure of |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | Anil Kumar | Assignee: | Backlog - Security Team |
| Resolution: | Unresolved | Votes: | 2 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||
| Assigned Teams: |
Server Security
|
||||
| Participants: | |||||
| Case: | (copied to CRM) | ||||
| Description |
|
The user should be able to define / create a global role that can be used in the context of the user's database. This would provide the ability to create a globally shared role similar to built-in roles like readWrite, userAdmin, etc.
This would be analogous to how role management is done in most of the systems that provide this kind of control. |
| Comments |
| Comment by Tashuna Rodriguez [ 19/Oct/18 ] |
|
Is this option still being considered? We have a lot of MongoDB environments and continue to grow. The User Access management functionality is not very scalable. Please consider a user-defined global role solution. |
| Comment by CF Hsu [ 23/Aug/18 ] |
|
@Matt Lord, yes. I'm relying on the multi-tenant oriented design. However, I have to create the same role in each database. This role can perform read/write in the database only for existing collections. In conclusion, I want to define a global role like readWrite without create/dropCollection. Do you know any workaround for this? Thanks for your reply! Q: I'm new to JIRA, how can I use @mention correctly? |
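The per-database setup described in the comment above, as an added example that is not part of the original thread or MongoDB's own code: one template (readWrite's documented actions minus `createCollection` and `dropCollection`) is turned into a `createRole` command for each tenant database, and an existing role can be checked for drift from that template. The role name `readWriteNoDDL`, the tenant database names and the helper functions are assumptions.

```javascript
// Added example: role name and tenant database names are constructed.
// Actions of the built-in readWrite role as listed in the MongoDB manual
// (assumption: confirm against the manual for your server version).
const READ_WRITE_ACTIONS = [
  "collStats", "convertToCapped", "createCollection", "createIndex",
  "dbHash", "dbStats", "dropCollection", "dropIndex", "find", "insert",
  "killCursors", "listCollections", "listIndexes", "remove",
  "renameCollectionSameDB", "update",
];
const REMOVED = new Set(["createCollection", "dropCollection"]);
const TEMPLATE_ACTIONS = READ_WRITE_ACTIONS.filter((a) => !REMOVED.has(a));

// Build the createRole command document for one tenant database.
function buildRoleCommand(dbName, roleName = "readWriteNoDDL") {
  if (typeof dbName !== "string" || dbName === "") {
    throw new TypeError("database name must be a non-empty string");
  }
  return {
    createRole: roleName,
    // collection: "" scopes the privilege to every non-system collection in dbName.
    privileges: [
      { resource: { db: dbName, collection: "" }, actions: [...TEMPLATE_ACTIONS] },
    ],
    roles: [],
  };
}

// Given one role document as returned by rolesInfo with showPrivileges: true,
// report directly granted actions beyond the template and template actions missing.
function roleDrift(roleDoc) {
  const granted = new Set(roleDoc.privileges.flatMap((p) => p.actions));
  return {
    extra: [...granted].filter((a) => !TEMPLATE_ACTIONS.includes(a)).sort(),
    missing: TEMPLATE_ACTIONS.filter((a) => !granted.has(a)).sort(),
  };
}

// Constructed tenant list; in mongosh each command would be applied with
//   db.getSiblingDB(name).runCommand(buildRoleCommand(name))
const tenants = ["tenant_a", "tenant_b"];
const commands = tenants.map((name) => buildRoleCommand(name));
console.log(JSON.stringify(commands, null, 2));
```

`roleDrift` inspects only the role's own `privileges` array, so privileges inherited from other roles need a separate check.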
| Comment by Matt Lord (Inactive) [ 23/Aug/18 ] |
|
fonger, do you rely on the multi-tenant oriented design we have today where each database namespace is treated as an isolated context? Or would you be OK with a single shared global authentication context, where every role is global? Thank you for the input and feedback! |
| Comment by CF Hsu [ 19/Aug/18 ] |
|
Definitely need this feature. It's frustrating to create the same role in each database.
I want to define a custom global role that works like 'readWrite'. |
| Comment by Andreas Nilsson [ 23/Mar/15 ] |
|
aleksej.tr I understand the request better now. We are currently gathering input for possible revisions to the access control system so this feedback is useful. Thank you, |
| Comment by Aleksej Trofimov [ 13/Mar/15 ] |
|
Hi Andreas, |
| Comment by Andreas Nilsson [ 12/Mar/15 ] |
|
If I understand this correctly it would be more of a role template that could be used to create other roles. It's an interesting suggestion, we will keep it in the planning loop going forward. |
| Comment by Aleksej Trofimov [ 10/Mar/15 ] |
|
The feature described as we wanted it to be =) Thanks! |