[SERVER-21113] Allow a single user specified in configuration file to override all other users
Created: 24/Oct/15
Updated: 06/Dec/22
Resolved: 30/Dec/19

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: None

Type: New Feature
Priority: Major - P3
Reporter: Cailin Nelson
Assignee: Backlog - Security Team
Resolution: Won't Do
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Assigned Teams:
Server Security
Participants:

 Description   

Allow a single user, defined in the configuration file, to override all other users defined in the system, i.e. something like:

security.authorization.recoveryUser=xyz
security.authorization.recoveryUserPassword=abc
security.authorization.recoveryUserRoles=readAnyDatabase

If these options are set, the users defined in system.users are ignored.



 Comments   
Comment by Scott Hernandez (Inactive) [ 24/Oct/15 ]

How is this different than simply turning off authentication and starting on a local/protected port? If recovery is needed and you can change the config and restart the mongodb server, then it seems like you can also restrict access to the server/host as well, no?

Assuming this type of feature was implemented, how would it work for a sharded cluster or replica set? Is this a single-server only option?
