[SERVER-27600] Queryable Backups need capabilities to read everything and read only Created: 06/Jan/17  Updated: 12/Oct/17  Resolved: 26/Sep/17

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: 3.6.0-rc0

Type: Task Priority: Major - P3
Reporter: Chunming Li (Inactive) Assignee: Spencer Jackson
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Related
is related to SERVER-27554 Authorization error when using the fi... Closed
Backwards Compatibility: Minor Change
Sprint: Platforms 2017-09-11, Platforms 2017-10-02
Participants:

 Description   

Queryable Backup currently uses readAnyDatabase@admin role + X509 authorization for the user against authed mongods. This is insufficient to read system collections. From the QB point of view, we want to allow the user to be able to read everything including system collections, perhaps with the exception of certain things within the config db when it comes to sharded clusters.

Right now there isn't a "read-everything-and-read-only" built-in role that can achieve this. The backup role is close on the read side, but it also can appendOplogNote and manipulate the balancer, etc.
Custom roles are also difficult to use because we cannot save them in the DB, and I'm not sure if X509 authorization supports crafting arbitrary roles with all the necessary read privileges. And what if Backup has some "fake" system collections and custom roles created by the customer?

CC daniel.gottlieb spencer.jackson



 Comments   
Comment by Githook User [ 26/Sep/17 ]

Author:

{'email': 'spencer.jackson@mongodb.com', 'name': 'Spencer Jackson', 'username': 'spencerjackson'}

Message: SERVER-27600: Add queryable backup builtin role
Branch: master
https://github.com/mongodb/mongo/commit/78f2325fbf771242457315819df2e5cb341eaeee

Generated at Thu Feb 08 04:15:37 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.