[SERVER-24724] Views works with authorization Created: 22/Jun/16  Updated: 08/Aug/17  Resolved: 11/Aug/16

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: 3.3.11

Type: Task Priority: Major - P3
Reporter: Kyle Suarez Assignee: Kyle Suarez
Resolution: Done Votes: 0
Labels: read-only-views
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
depends on SERVER-25448 Replace all usages of ClientBasic wit... Closed
is depended on by SERVER-25526 Merge views_authz.js into auth comman... Closed
Documented
is documented by DOCS-9473 Document behavior of views when auth ... Closed
Related
related to SERVER-24771 Make queries on views return a cursor... Closed
Backwards Compatibility: Fully Compatible
Sprint: Integration 18 (08/05/16), Integration 2016-08-29
Participants:

 Description   

Access control on views should work exactly as it does for collections.

  • If you can(not) create a collection, then you should (not) be able to create a view

There are also some interesting security concerns to consider with regard to access control on a view's backing namespace:

  • User can read a view when not authorized to read the view's backing namespace(s)
  • If user is (not) authorized to read a collection, they can(not) read a view they create on top of it

However, this ticket *does not* cover authorization checks when calling getMore on a cursor returned by a view. (This means that a user authorized to read a view will still get an authorization error when calling getMore on that cursor.) The work for that will be tracked in SERVER-24771.



 Comments   
Comment by Andy Schwerin [ 11/Aug/16 ]

I think the view creation documentation should describe the privileges required, but everything else is pretty much the same as for regular collections. Please edit the description of this ticket to more clearly indicate that this work does not cover authorization checks for getmore operations on views, and to indicate which ticket does cover that work.

Comment by Kyle Suarez [ 11/Aug/16 ]

Unsure if documentation changes are needed – authz for views is a special case in terms of privileges and may be worthy of explicit clarification in the documentation.

Comment by Githook User [ 11/Aug/16 ]

Author:

{u'username': u'ksuarz', u'name': u'Kyle Suarez', u'email': u'kyle.suarez@mongodb.com'}

Message: SERVER-24724 authz for views

Adds special authorization logic to prevent a user from reading
normally-inaccessible collections via a view.
Branch: master
https://github.com/mongodb/mongo/commit/eb15955c67b8a13455b91a6848f8750447fb0f44

Generated at Thu Feb 08 04:07:14 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.