[SERVER-20515] Administrator commands for authentication and authorization Created: 21/Sep/15 Updated: 06/Dec/22 |
|
| Status: | Open |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | None |
| Fix Version/s: | Needs Further Definition |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | Ricardo Lorenzo | Assignee: | Backlog - Security Team |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||
| Assigned Teams: |
Server Security
|
||||||||||||
| Participants: | |||||||||||||
| Description |
|
There is a confusion in relation to the authentication/authorization administration commands. It isn't clear what users have permissions over specific databases. For example, given the following list of users:
These users have a different behavior in relation to how the authentication is performed, but it is consistent in relation to what actions can be executed on the specific database. For example, User2 can authenticate against admin database but not against test3. However, this user can perform read/write operations on test3.
In the same way, User3 can perform the same actions only over test3 database. As you can see, this user cannot authenticate against the admin database.
Additionally, as you can see in the first list of users, you can also have the same user twice associated to different databases. They are two separate documents as they represent two independent users. This could represent a huge challenge for the security administrator. The relevant point here is the actions you could perform on a specific database. So there are two relevant points:
The method db.getUsers() is adding confusion as it shows the users associated to this database which is only useful for authentication. However, it is not showing the users who have read/write/admin permissions on this database. The authentication and authorization are different subjects. It doesn't really matter if your user needs to be authenticated against admin or test3 database. Which is really important is what permissions on what database the user has (authorization). In order to avoid the administrative problems of having multiple users, we should recommend having a single user, with multiple permissions for different databases. In relation to the explanation above, the security administrator should have two different commands (for example):
|