[SERVER-24281] User management privileges (like createUser) became the top level privileges Created: 25/May/16 Updated: 06/Dec/22 |
|
| Status: | Open |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | None |
| Fix Version/s: | Needs Further Definition |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | Ricardo Lorenzo | Assignee: | Backlog - Security Team |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Assigned Teams: |
Server Security
|
| Participants: |
| Description |
|
The user management privileges provide the role with the top level security access to the database instance as the user administrator can assign any role to the user. It would be great if the role assignment is delegated to the grantRole privilege and the createUser assigns a predefined role (perhaps per database) exclusively. |