[SERVER-39161] User management commands should ensure the created user is usable

| Created: | 23/Jan/19 | Updated: | 06/Dec/22 |
| Status: | Backlog |
| Project: | Core Server |
| Component/s: | Admin |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | New Feature | Priority: | Major - P3 |
| Reporter: | Joe Caswell | Assignee: | Backlog - Security Team |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | None |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Assigned Teams: | Server Security |
| Case: | (copied to CRM) |
| Description |

If the role graph produced by usersInfo with the showPrivileges option exceeds the BSON document size limit, an exception is thrown. Since usersInfo is used in the authentication process, this prevents the user from authenticating. Currently the user and role management commands do not validate that the modifications made actually result in usable users. The worst-case scenario is a userAdmin could lock themselves out. There should be some manner of warning or error when this occurs.
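The following is an added example, not MongoDB's code and not part of the original report: a size check of the kind the description asks for, computing the exact BSON size of a usersInfo-shaped result and comparing it with the 16 MiB document limit. `checkUserUsable`, `sampleResult` and the sample user and role names are hypothetical and constructed; only strings, booleans, numbers, null, arrays and subdocuments are handled.

```javascript
const BSON_MAX_BYTES = 16 * 1024 * 1024; // BSON document size limit (16 MiB)
const utf8 = (s) => Buffer.byteLength(s, "utf8");

// Bytes a value occupies after its type byte and key name.
function valueSize(v) {
  if (v === null) return 0;
  if (typeof v === "string") return 4 + utf8(v) + 1; // int32 length + bytes + NUL
  if (typeof v === "boolean") return 1;
  if (typeof v === "number") {
    // Assumption: in-range integers are int32, everything else a double.
    return Number.isInteger(v) && v >= -(2 ** 31) && v < 2 ** 31 ? 4 : 8;
  }
  if (typeof v === "object") return bsonSize(v); // subdocument or array
  throw new TypeError("type not handled in this example: " + typeof v);
}

// Document = int32 length + elements + NUL; arrays use "0", "1", ... as keys.
function bsonSize(doc) {
  let size = 4 + 1;
  for (const [key, v] of Object.entries(doc)) {
    size += 1 + utf8(key) + 1 + valueSize(v); // type byte + cstring key + value
  }
  return size;
}

// Hypothetical pre-flight check: does the resolved user document still fit?
function checkUserUsable(usersInfoResult, limit = BSON_MAX_BYTES) {
  const size = bsonSize(usersInfoResult);
  return { size, usable: size <= limit, headroom: limit - size };
}

// Constructed sample shaped like usersInfo output with showPrivileges: true.
function sampleResult(privilegeCount) {
  const inheritedPrivileges = [];
  for (let i = 0; i < privilegeCount; i++) {
    inheritedPrivileges.push({
      resource: { db: "app", collection: "tenant_" + i },
      actions: ["find", "insert", "update", "remove"],
    });
  }
  const role = { role: "tenantAdmin", db: "admin" };
  return {
    users: [{ _id: "admin.ops", user: "ops", db: "admin", roles: [role],
              inheritedRoles: [role], inheritedPrivileges }],
    ok: 1,
  };
}
```

Running such a check against the projected result before a grant is committed lets the change be rejected or flagged while the administrator can still authenticate.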