[SERVER-25994] Allow applyOps to validate authorization permissions at the operation level Created: 07/Sep/16 Updated: 04/Aug/21 Resolved: 30/Sep/16 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Replication, Security |
| Affects Version/s: | None |
| Fix Version/s: | 3.2.11, 3.4.0-rc0 |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | Spencer Jackson | Assignee: | Spencer Jackson |
| Resolution: | Done | Votes: | 0 |
| Labels: | code-and-test | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||||||||||||||||||||||
| Backwards Compatibility: | Minor Change | ||||||||||||||||||||||||||||||||||||
| Backport Completed: | |||||||||||||||||||||||||||||||||||||
| Sprint: | Platforms 2016-09-19, Platforms 2016-10-10 | ||||||||||||||||||||||||||||||||||||
| Participants: | |||||||||||||||||||||||||||||||||||||
| Case: | (copied to CRM) | ||||||||||||||||||||||||||||||||||||
| Description |
|
Currently, applyOps requires that the authenticated user has the ability to perform any operation on the system. However, applying an individual op may not require such extensive privileges. If the authenticated user has the ability to perform some operations, like inserting documents to a particular collection, they should be able to perform the same actions use applyOps. |
| Comments |
| Comment by Githook User [ 03/Oct/16 ] |
|
Author: {u'username': u'spencerjackson', u'name': u'Spencer Jackson', u'email': u'spencer.jackson@mongodb.com'}Message: |
| Comment by Githook User [ 03/Oct/16 ] |
|
Author: {u'username': u'spencerjackson', u'name': u'Spencer Jackson', u'email': u'spencer.jackson@mongodb.com'}Message: |
| Comment by Githook User [ 30/Sep/16 ] |
|
Author: {u'username': u'spencerjackson', u'name': u'Spencer Jackson', u'email': u'spencer.jackson@mongodb.com'}Message: |
| Comment by Githook User [ 26/Sep/16 ] |
|
Author: {u'username': u'spencerjackson', u'name': u'Spencer Jackson', u'email': u'spencer.jackson@mongodb.com'}Message: |