[SERVER-5314] Ability to su from users in admin database Created: 14/Mar/12  Updated: 06/Dec/22

Status: Backlog
Project: Core Server
Component/s: Security
Affects Version/s: 2.0.3
Fix Version/s: None

Type: Improvement Priority: Major - P3
Reporter: Jared D. Cottrell Assignee: Backlog - Security Team
Resolution: Unresolved Votes: 2
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Problem/Incident
Related
Assigned Teams:
Server Security
Participants:
Case:

 Description   

It would be useful for a connection authenticated as a user in the admin database to be able to su to any other user in the mongod process, then somehow exit from that context and become the admin user again.

User Stories:

  • As a DBA, I want to create "super" user privileges/roles that cannot be used for authentication/logins, but can in turn be granted to individial users/roles. Then when those users need to they can execute an individual command as this elevated user/role. This way we have protection against mistakes made in sessions with elevated privileges, and each individual action is audited as such – user:matt executed:db.adminCommand(...) as:super1 at:<UTC time> – so that no security visibility and auditing information is lost.
  • As a DB admin UI provider, the admin interface itself will need elevated global privileges in order to service all of the UI users. However, when an individual UI user executes an action via the UI I want to execute the resulting backed database command(s) as that (mapped) user. 

Competitor examples:


Generated at Thu Feb 08 03:08:31 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.