[SERVER-31864] applyOps command with UUID containing op must require granular privileges Created: 07/Nov/17  Updated: 30/Oct/23  Resolved: 04/Dec/17

Status: Closed
Project: Core Server
Component/s: Internal Code
Affects Version/s: None
Fix Version/s: 3.6.1, 3.7.1

Type: Improvement Priority: Major - P3
Reporter: Spencer Jackson Assignee: Xiangyu Yao (Inactive)
Resolution: Fixed Votes: 0
Labels: bkp
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Depends
Gantt Dependency
has to be done after SERVER-31810 applyOps command with UUID containing... Closed
Backwards Compatibility: Fully Compatible
Backport Requested:
v3.6
Sprint: Storage 2017-12-04
Participants:

 Description   

After SERVER-31810, the applyOps command will require elevated privileges when applying operations containing UUIDs. Tools wanting to apply these operations will need to either run with the 'restore' or equivalent custom role, or strip the UUIDs from the operations to emulate 3.4 behavior.

In order to allow non-restore users to apply operations to collections they control and are otherwise authorized to manipulate, the privilege checks on the applyOps command must made aware of how UUIDs can be used in ops, and which privileges are required to interact with them.



 Comments   
Comment by Githook User [ 07/Dec/17 ]

Author:

{'name': 'Xiangyu Yao', 'username': 'xy24', 'email': 'xiangyu.yao@mongodb.com'}

Message: SERVER-31864 applyOps command with UUID containing op must require granular privileges

(cherry picked from commit ec36d4bb79be90b24d81f4dfc2718ea2625cfc75)
Branch: v3.6
https://github.com/mongodb/mongo/commit/2ff0e2dd55a0360cb5223f496849fe2df2209b1a

Comment by Githook User [ 04/Dec/17 ]

Author:

{'username': 'xy24', 'email': 'xiangyu.yao@mongodb.com', 'name': 'Xiangyu Yao'}

Message: SERVER-31864 applyOps command with UUID containing op must require granular privileges
Branch: master
https://github.com/mongodb/mongo/commit/ec36d4bb79be90b24d81f4dfc2718ea2625cfc75

Generated at Thu Feb 08 04:28:25 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.