[SERVER-38293] Make listDatabases understand collection privileges
Created: 28/Nov/18 | Updated: 29/Oct/23 | Resolved: 06/Dec/18

| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security, Usability |
| Affects Version/s: | None |
| Fix Version/s: | 4.0.6, 4.1.7 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Spencer Jackson | Assignee: | Isabella Siu (Inactive) |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | bkp |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Issue Links: | |
| Backwards Compatibility: | Minor Change |
| Operating System: | ALL |
| Backport Requested: | v4.0 |
| Sprint: | Security 2018-12-17 |
| Participants: | |

| Description |

listDatabases currently can produce a list of all databases the client is authorized for. It decides that a user is authorized if it possesses the find action on the database resource. However, a client may possess the find action (or any other action) on a collection resource inside of the database. listDatabases should return all databases for which the client possesses any action on the database or on any collection within the database.

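
A simplified model of the two checks described above, added here as an illustration and not taken from the server's code. The privilege documents and database names are constructed, the function names are hypothetical, and wildcard and cluster resources are left out.

```javascript
// Constructed privileges in MongoDB's role-document shape.
// An empty collection string denotes the database resource itself.
const privileges = [
  { resource: { db: "sales", collection: "" }, actions: ["find", "insert"] },
  { resource: { db: "hr", collection: "payroll" }, actions: ["find"] },
  { resource: { db: "logs", collection: "audit" }, actions: ["insert"] },
  { resource: { db: "empty", collection: "x" }, actions: [] },
];

// Constructed list of databases that exist on the server.
const allDatabases = ["admin", "empty", "hr", "logs", "sales"];

// Check described as current: the find action on the database resource.
function visibleBefore(privs, dbs) {
  return dbs.filter((db) =>
    privs.some(
      (p) =>
        p.resource.db === db &&
        p.resource.collection === "" &&
        p.actions.includes("find")
    )
  );
}

// Check requested by the ticket: any action on the database resource
// or on any collection resource inside that database.
function visibleAfter(privs, dbs) {
  return dbs.filter((db) =>
    privs.some((p) => p.resource.db === db && p.actions.length > 0)
  );
}

// Databases a collection-scoped user could already use but not list.
function newlyVisible(privs, dbs) {
  const before = new Set(visibleBefore(privs, dbs));
  return visibleAfter(privs, dbs).filter((db) => !before.has(db));
}

console.log("before:", visibleBefore(privileges, allDatabases));
console.log("after: ", visibleAfter(privileges, allDatabases));
console.log("gained:", newlyVisible(privileges, allDatabases));
```
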
| Comments |
| Comment by Githook User [ 21/Dec/18 ] |

Author: {'username': 'iwysiu', 'email': 'isabella.siu@10gen.com', 'name': 'Isabella Siu'}
Message:

| Comment by Githook User [ 06/Dec/18 ] |

Author: {'name': 'Isabella Siu', 'email': 'isabella.siu@10gen.com', 'username': 'iwysiu'}
Message: