[SERVER-3198] Ability to restrict operations by role
Created: 05/Jun/11  Updated: 12/Jul/16  Resolved: 04/Jan/13

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: 1.8.1
Fix Version/s: 2.3.2

Type: New Feature
Priority: Major - P3
Reporter: Alvin Richards (Inactive)
Assignee: Andy Schwerin
Resolution: Done
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
depends on SERVER-7122 Assign commands to system roles Closed
depends on SERVER-7126 new authPrinciples and acquiredCapabi... Closed
is depended on by SERVER-3199 Restrict user creation to admin only Closed
is depended on by SERVER-4319 MongoDB Authentication related querie... Closed
Related
is related to SERVER-7604 On MongoS read-only users should be d... Closed

 Description   

Feature:
Ability to restrict the operations a user can perform. For example, an admin can create and drop indexes but cannot perform a find on a collection.

Needed for SOX and other regulatory reasons, which require that access to the data content be restricted.

Use Case:
Jim is a DBA for a financial application for Mega Corp. He needs access to the database to ensure that the database is working efficiently, perform backups, etc. He needs to create and drop indexes when needed, add shards, etc. However, because of the nature of the data, his organization's data security policy states that he cannot view any of the financial data stored in the database. Therefore he is prevented from issuing a db.foo.find() command, running map/reduce jobs, etc.

Proposed Role Delineations:

| name | description of privilege |
|---|---|
| read | ability to query data in any collection in the database, other than 'system.users', and also ability to run any command without an A or W attribute |
| readWrite | everything permitted by 'read' privilege, and also the ability to insert, update, or remove documents or indexes in any collection other than 'system.users', and also the ability to run any command without an A attribute |
| userAdmin | ability to read and write the 'system.users' collection |
| dbAdmin | ability to run admin commands affecting a single database; see list below |
| serverAdmin | ability to run admin commands affecting the entire database server; Can only be set on admin database; see discussion |
| clusterAdmin | admin commands for a cluster of shards or a replica set; Can only be set on admin database |
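
The proposed role table expressed as an access check, added here as an example; it is not MongoDB's code or the reporter's. The page does not define the A and W command attributes or list the admin commands, so the names `Op`, `grant` and `allowed`, the reading of A as "admin command" and W as "write command", and the `scope` field that picks which admin role covers an A command are all assumptions.

```python
from dataclasses import dataclass

USERS = "system.users"
ADMIN_DB_ONLY = {"serverAdmin", "clusterAdmin"}  # "Can only be set on admin database"
# Assumption: the admin role that covers an A-attributed command depends on its scope.
ADMIN_SCOPE = {"db": "dbAdmin", "server": "serverAdmin", "cluster": "clusterAdmin"}
ROLES = {"read", "readWrite", "userAdmin"} | set(ADMIN_SCOPE.values())


@dataclass(frozen=True)
class Op:
    kind: str                        # "query", "write" or "command"
    collection: str = ""             # target of a query or write
    attrs: frozenset = frozenset()   # command attributes: subset of {"A", "W"}
    scope: str = "db"                # assumed scope of an A command


def grant(db, roles):
    """Validate a role assignment on database `db` and return the role set."""
    roles = frozenset(roles)
    if roles - ROLES:
        raise ValueError(f"unknown roles: {sorted(roles - ROLES)}")
    if db != "admin" and roles & ADMIN_DB_ONLY:
        raise ValueError(f"{sorted(roles & ADMIN_DB_ONLY)} can only be set on admin")
    return roles


def allowed(roles, op):
    """Decide one operation; anything the table does not grant is denied."""
    if op.kind in ("query", "write"):
        if op.collection == USERS:           # only userAdmin touches system.users
            return "userAdmin" in roles
        needed = {"read", "readWrite"} if op.kind == "query" else {"readWrite"}
        return bool(roles & needed)
    if op.kind == "command":
        if "A" in op.attrs:                  # admin command: needs the scoped admin role
            return ADMIN_SCOPE.get(op.scope) in roles
        if "W" in op.attrs:                  # write command: 'read' is not enough
            return "readWrite" in roles
        return bool(roles & {"read", "readWrite"})
    return False


# Constructed scenario from the use case: Jim administers "finance" without data access.
jim = grant("finance", ["dbAdmin"])
find = Op("query", "ledger")
admin_cmd = Op("command", attrs=frozenset({"A"}), scope="db")
if __name__ == "__main__":
    print("find:", allowed(jim, find), "| admin command:", allowed(jim, admin_cmd))
```
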


 Comments   
Comment by Andy Schwerin [ 04/Jan/13 ]

I believe this is effectively resolved by SERVER-7115, and specifically subtask SERVER-7122.

Comment by Andy Schwerin [ 03/Oct/12 ]

The role functionality going into 2.4 may cover this. If not, the more general role functionality is climbing on the dev todo list for access-control related work.
