[SERVER-29138] Extend aggregation access control checks to handle $changeNotification access control rules Created: 11/May/17 Updated: 30/Oct/23 Resolved: 02/Oct/17 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Replication |
| Affects Version/s: | None |
| Fix Version/s: | 3.6.0-rc0 |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Crystal Horn | Assignee: | Katherine Walker (Inactive) |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | todo_in_code | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||
| Backwards Compatibility: | Fully Compatible | ||||
| Sprint: | Repl 2017-10-02 | ||||
| Participants: | |||||
| Comments |
| Comment by Githook User [ 02/Oct/17 ] |
|
Author: {'email': 'katherine.walker@mongodb.com', 'name': 'Katherine Walker', 'username': 'kvwalker'}Message: |
| Comment by Spencer Brody (Inactive) [ 19/Sep/17 ] |
|
Plan is to add a new 'changestream' action type and grant it to the 'read', 'readWrite', 'readAnyDatabase', and 'readWriteAnyDatabase' roles. Users who want to grant access to perform finds/aggregates but not change streams will need to build a custom role to do so. |