[SERVER-29138] Extend aggregation access control checks to handle $changeNotification access control rules Created: 11/May/17  Updated: 30/Oct/23  Resolved: 02/Oct/17

Status: Closed
Project: Core Server
Component/s: Replication
Affects Version/s: None
Fix Version/s: 3.6.0-rc0

Type: Task Priority: Major - P3
Reporter: Crystal Horn Assignee: Katherine Walker (Inactive)
Resolution: Fixed Votes: 0
Labels: todo_in_code
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Documented
Backwards Compatibility: Fully Compatible
Sprint: Repl 2017-10-02
Participants:

 Comments   
Comment by Githook User [ 02/Oct/17 ]

Author:

{'email': 'katherine.walker@mongodb.com', 'name': 'Katherine Walker', 'username': 'kvwalker'}

Message: SERVER-29138: Extend aggregation access control checks to handle $changeStream access control rules
Branch: master
https://github.com/mongodb/mongo/commit/001b510a51f5232d94205a3779b48404ca34816a

Comment by Spencer Brody (Inactive) [ 19/Sep/17 ]

Plan is to add a new 'changestream' action type and grant it to the 'read', 'readWrite', 'readAnyDatabase', and 'readWriteAnyDatabase' roles. Users who want to grant access to perform finds/aggregates but not change streams will need to build a custom role to do so.

Generated at Thu Feb 08 04:20:00 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.