[SERVER-36288] Adjust required $out authz privileges based on mode Created: 25/Jul/18 Updated: 29/Oct/23 Resolved: 23/Aug/18 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Aggregation Framework, Security |
| Affects Version/s: | None |
| Fix Version/s: | 4.1.3 |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Kyle Suarez | Assignee: | Nicholas Zolnierz |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Backwards Compatibility: | Fully Compatible | ||||||||
| Sprint: | Query 2018-08-27, Query 2018-09-10 | ||||||||
| Participants: | |||||||||
| Description |
|
The privileges required to perform a $out should depend on the mode:
|
| Comments |
| Comment by Githook User [ 23/Aug/18 ] |
|
Author: {'name': 'Nick Zolnierz', 'email': 'nicholas.zolnierz@mongodb.com', 'username': 'nzolnierzmdb'}Message: |
| Comment by Kyle Suarez [ 03/Aug/18 ] |
|
Adjusted the description to reflect our new opinion of the required actions for "replaceDocuments", based on our latest throwdown. |
| Comment by Kyle Suarez [ 25/Jul/18 ] |
|
Charlie and I were debating this in the design for the $out project, so I'm throwing this in Needs Triage. One interesting thing to consider is that the old-school $out requires "insert" and "remove" for what is essentially "replaceCollecttion" mode, but perhaps we should reconsider. |