[SERVER-38293] Make listDatabases understand collection privileges Created: 28/Nov/18  Updated: 29/Oct/23  Resolved: 06/Dec/18

Status: Closed
Project: Core Server
Component/s: Security, Usability
Affects Version/s: None
Fix Version/s: 4.0.6, 4.1.7

Type: Bug Priority: Major - P3
Reporter: Spencer Jackson Assignee: Isabella Siu (Inactive)
Resolution: Fixed Votes: 0
Labels: bkp
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Backports
Documented
is documented by DOCS-12244 Docs for SERVER-38293: Make listDatab... Closed
Related
Backwards Compatibility: Minor Change
Operating System: ALL
Backport Requested:
v4.0
Sprint: Security 2018-12-17
Participants:

 Description   

listDatabases currently can produce a list of all databases the client is authorized for. It decides that a user is authorized if it possesses the find action on the database resource. However, a client may possess the find action (or any other action) on a collection resource inside of the database.

listDatabases should return all databases for which the client possesses any action on the database or on any collection within the database.



 Comments   
Comment by Githook User [ 21/Dec/18 ]

Author:

{'username': 'iwysiu', 'email': 'isabella.siu@10gen.com', 'name': 'Isabella Siu'}

Message: SERVER-38293 make listDatabases understand collection privileges
Branch: v4.0
https://github.com/mongodb/mongo/commit/98ae5d550cf102f0519b801bdbfcf90c62e6ea1a

Comment by Githook User [ 06/Dec/18 ]

Author:

{'name': 'Isabella Siu', 'email': 'isabella.siu@10gen.com', 'username': 'iwysiu'}

Message: SERVER-38293 make listDatabases understand collection privileges
Branch: master
https://github.com/mongodb/mongo/commit/03c126d78075ab4248a63d3221ea188e2c633871

Generated at Thu Feb 08 04:48:32 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.