[SERVER-36288] Adjust required $out authz privileges based on mode Created: 25/Jul/18  Updated: 29/Oct/23  Resolved: 23/Aug/18

Status: Closed
Project: Core Server
Component/s: Aggregation Framework, Security
Affects Version/s: None
Fix Version/s: 4.1.3

Type: Task Priority: Major - P3
Reporter: Kyle Suarez Assignee: Nicholas Zolnierz
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
depends on SERVER-36286 Rename options for new $out Closed
Backwards Compatibility: Fully Compatible
Sprint: Query 2018-08-27, Query 2018-09-10
Participants:

 Description   

The privileges required to perform a $out should depend on the mode:

  • "replaceCollection" requires the "remove" and "insert" actions on the output namespace.
  • "replacedocuments" requires the "update" and "insert" actions.
  • "insertDocuments" requires only the "insert" action.


 Comments   
Comment by Githook User [ 23/Aug/18 ]

Author:

{'name': 'Nick Zolnierz', 'email': 'nicholas.zolnierz@mongodb.com', 'username': 'nzolnierzmdb'}

Message: SERVER-36288: Adjust required $out authz privileges based on mode
Branch: master
https://github.com/mongodb/mongo/commit/84cabb97f967774645dcb9ea2581e3345a9b7547

Comment by Kyle Suarez [ 03/Aug/18 ]

Adjusted the description to reflect our new opinion of the required actions for "replaceDocuments", based on our latest throwdown.

Comment by Kyle Suarez [ 25/Jul/18 ]

Charlie and I were debating this in the design for the $out project, so I'm throwing this in Needs Triage. One interesting thing to consider is that the old-school $out requires "insert" and "remove" for what is essentially "replaceCollecttion" mode, but perhaps we should reconsider.

Generated at Thu Feb 08 04:42:39 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.