[SERVER-25994] Allow applyOps to validate authorization permissions at the operation level Created: 07/Sep/16  Updated: 04/Aug/21  Resolved: 30/Sep/16

Status: Closed
Project: Core Server
Component/s: Replication, Security
Affects Version/s: None
Fix Version/s: 3.2.11, 3.4.0-rc0

Type: Improvement Priority: Major - P3
Reporter: Spencer Jackson Assignee: Spencer Jackson
Resolution: Done Votes: 0
Labels: code-and-test
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Documented
is documented by DOCS-9467 Docs for SERVER-25994: Allow applyOps... Closed
Duplicate
duplicates SERVER-19191 "restore" role does not have applyOps... Closed
Related
related to SERVER-53674 Do not run applyOps commands in the f... Closed
related to SERVER-36263 Bypassing operation validation in app... Closed
is related to SERVER-19768 Failed applyOps command does not crea... Closed
Backwards Compatibility: Minor Change
Backport Completed:
Sprint: Platforms 2016-09-19, Platforms 2016-10-10
Participants:
Case:

 Description   

Currently, applyOps requires that the authenticated user has the ability to perform any operation on the system. However, applying an individual op may not require such extensive privileges. If the authenticated user has the ability to perform some operations, like inserting documents to a particular collection, they should be able to perform the same actions use applyOps.



 Comments   
Comment by Githook User [ 03/Oct/16 ]

Author:

{u'username': u'spencerjackson', u'name': u'Spencer Jackson', u'email': u'spencer.jackson@mongodb.com'}

Message: SERVER-25994: Make applyOps work without universal privileges
Branch: v3.2
https://github.com/mongodb/mongo/commit/57a9fd688c95ec634900d0470f0e87987c3955d2

Comment by Githook User [ 03/Oct/16 ]

Author:

{u'username': u'spencerjackson', u'name': u'Spencer Jackson', u'email': u'spencer.jackson@mongodb.com'}

Message: SERVER-25994: Make applyOps check for specific permissions
Branch: v3.2
https://github.com/mongodb/mongo/commit/13bb20d6ee2fd6b0d7e4128ce0ed0c8d8fe5173f

Comment by Githook User [ 30/Sep/16 ]

Author:

{u'username': u'spencerjackson', u'name': u'Spencer Jackson', u'email': u'spencer.jackson@mongodb.com'}

Message: SERVER-25994: Make applyOps work without universal privileges
Branch: master
https://github.com/mongodb/mongo/commit/1ac511f1673d9663454651c2763aec32387c077f

Comment by Githook User [ 26/Sep/16 ]

Author:

{u'username': u'spencerjackson', u'name': u'Spencer Jackson', u'email': u'spencer.jackson@mongodb.com'}

Message: SERVER-25994: Make applyOps check for specific permissions
Branch: master
https://github.com/mongodb/mongo/commit/160a15c25fc59a74cc66cd593d0381741630776f

Generated at Thu Feb 08 04:10:50 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.