[SERVER-28260] Create a killAnyCursor privilege
Created: 09/Mar/17  Updated: 17/May/19  Resolved: 30/Nov/17

Status: Closed
Project: Core Server
Component/s: Querying, Security
Affects Version/s: None
Fix Version/s: 3.6.3, 3.7.1

Type: Task
Priority: Major - P3
Reporter: Tess Avitabile (Inactive)
Assignee: Sara Golemon
Resolution: Done
Votes: 1
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Documented
is documented by DOCS-11101 Docs for SERVER-28260: Create a killA... Closed
Problem/Incident
causes SERVER-32169 A cursor created with a session canno... Closed
Related
related to SERVER-17856 users on mongods should always be abl... Closed
is related to SERVER-9609 Ensure users can only call getMore on... Closed
Backwards Compatibility: Major Change
Backport Requested:
v3.6
Sprint: Platforms 2017-11-13, Platforms 2017-12-04

 Description   

A ClientCursor is associated with the set of users that were authenticated when it was created.
A killCursors should only succeed if the intersection of currently authenticated users and the set of users associated with the ClientCursor is nonempty (or the set of users associated with the ClientCursor is empty), or if the user has the killAnyCursor privilege for that collection.
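
The rule in the description, modelled as an added example. This is not MongoDB's server code: the `Cursor` and `Client` types and `mayKillCursor` are hypothetical names, and the user and collection strings are constructed.

```cpp
#include <algorithm>
#include <iostream>
#include <set>
#include <string>

// Hypothetical model types for illustration; not MongoDB's own classes.
using UserSet = std::set<std::string>;  // constructed names, e.g. "alice@app"

struct Cursor {
    std::string ns;  // collection the cursor was opened on
    UserSet owners;  // users authenticated when the cursor was created
};

struct Client {
    UserSet authenticated;                  // users authenticated right now
    std::set<std::string> killAnyCursorOn;  // collections with killAnyCursor granted
};

// True when the two user sets share at least one member.
static bool intersects(const UserSet& a, const UserSet& b) {
    return std::any_of(a.begin(), a.end(),
                       [&b](const std::string& u) { return b.count(u) != 0; });
}

// killCursors authorization as stated in the description.
bool mayKillCursor(const Client& c, const Cursor& cur) {
    if (cur.owners.empty()) return true;                       // no users recorded
    if (intersects(c.authenticated, cur.owners)) return true;  // shared user
    return c.killAnyCursorOn.count(cur.ns) != 0;               // privilege on that collection
}

int main() {
    const Cursor orders{"app.orders", {"alice@app"}};  // constructed sample data
    const Client alice{{"alice@app"}, {}};
    const Client bob{{"bob@app"}, {}};
    const Client ops{{"ops@admin"}, {"app.orders"}};
    std::cout << std::boolalpha
              << "owner: " << mayKillCursor(alice, orders) << '\n'
              << "other user: " << mayKillCursor(bob, orders) << '\n'
              << "killAnyCursor holder: " << mayKillCursor(ops, orders) << '\n';
    return 0;
}
```
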



 Comments   
Comment by Githook User [ 10/Jan/18 ]

Author: Sara Golemon (sgolemon) <sara.golemon@mongodb.com>

Message: SERVER-28260 Check coauth for killCursors and add killAnyCursors

(cherry picked from commit d75b113186e1914a5f2dc6d1983d604324a8f7f1)
Branch: v3.6
https://github.com/mongodb/mongo/commit/66acd9fffbea524fba9fffaf9935b7263efaf747

Comment by Githook User [ 30/Nov/17 ]

Author: Sara Golemon (sgolemon) <sara.golemon@mongodb.com>

Message: SERVER-28260 Check coauth for killCursors and add killAnyCursors
Branch: master
https://github.com/mongodb/mongo/commit/d75b113186e1914a5f2dc6d1983d604324a8f7f1

Comment by Andy Schwerin [ 10/Mar/17 ]

Rather than create a new privilege, I think we could take the approach used for killop from SERVER-17856. In this approach, users with "killCursors" could kill any cursor on the applicable resource, plus all users could kill their own cursors. Then, I think we'd remove "killCursors" from the non-administrative roles. We'd give administrative roles (whichever ones we chose) killCursors on a wildcard resource, and call it a day.
