[SERVER-23672] Separate privilege action for mapreduce Created: 13/Apr/16  Updated: 06/Dec/22

Status: Backlog
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Major - P3
Reporter: Kevin Pulo Assignee: Backlog - Security Team
Resolution: Unresolved Votes: 1
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Related
related to SERVER-15072 Limit resource usage for certain users Closed
is related to DOCS-7630 Document mapreduce authorization requ... Closed
Assigned Teams:
Server Security
Participants:

 Description   

Currently users with the find privilege action can also run mapReduce commands. Since the performance characteristics of mapReduce can be quite different to those of regular find, it would be very useful to be able to administratively prohibit the running of mapReduce jobs, while still allowing access to the data.

Using security.javascriptEnabled: false (aka --noscripting) to disable server-side Javascript is not a practical workaround, because it would only be useful if no other user or db requires access to run mapReduce, and no other user or db requires access to db.eval() (deprecated anyway) or $where.



 Comments   
Comment by Spencer Brody (Inactive) [ 13/Apr/16 ]

This feels to me like an extension of SERVER-15072. Currently our access control system is only based around granting access to specific pieces of data, not about differentiating between operations with different performance characteristics, resource utilization, etc. Although I definitely see the value in such a system. But I feel like any such system we build should exist alongside our existing system that is focused on access to data.

Generated at Thu Feb 08 04:04:08 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.