[SERVER-43346] Allow for a granular permissions model for renameCollection Created: 16/Sep/19  Updated: 06/Dec/22

Status: Backlog
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Question Priority: Major - P3
Reporter: Harshad Dhavale Assignee: Backlog - Security Team
Resolution: Unresolved Votes: 5
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
Assigned Teams:
Server Security
Participants:
Case:

 Description   

Currently, the privileges for collection renaming are validated only at the database level, and currently there is no way to have specific privileges only on the source and destination collections, in order to rename a specific source collection to a specific destination collection. This is because privileges don't give us a way to specify metadata about them. Privileges only possess a resource and a set of actionTypes. That means, it's not possible to specify a "privilege" which applies to performing an action on resource, in relation to another resource.

Therefore, in order to rename a source collection to a target collection, it is not possible to grant renameCollectionSameDB privilege-action only on the source and target collections. It has to be done at a DB level.

This is a feature request to allow for a more granular permissions model for the renameCollection functionality.


Generated at Thu Feb 08 05:02:56 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.