[SERVER-54529] Add access_check: complex to the aggregate command Created: 12/Feb/21  Updated: 29/Oct/23  Resolved: 31/Mar/21

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 5.0.0-rc0

Type: Task Priority: Major - P3
Reporter: Mark Benvenuto Assignee: Mark Benvenuto
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
depends on SERVER-54523 Extend access_check for complex check... Closed
is depended on by SERVER-54533 Add error in IDL that all commands wi... Closed
Backwards Compatibility: Fully Compatible
Sprint: Security 2021-04-05
Participants:

 Description   

Aggregate is complex. Search the code for LiteParsedDocumentSource::requiredPrivileges.

 

Here is a potential list discovered during the design phase 

                -
                    resource: cluster
                    action_type: insert
                -
                    resource: namespace
                    action_type: find
                -
                    resource: any_normal
                    action_types: [ changeStream, find]
                -
                    resouce: database
                    action_types: [ changeStream, find]
 
                -
                    resource: exact_ns
                    action_types: [ changeStream, find]
 
                -
                    resource: exact_ns
                    action_types: collStats
                -
                    resource: cluster
                    action_types: inprog
                -
                    resource: exact_ns
                    action_types: find
                -
                    resource: exact_ns
                    action_types: indexStats
                -
                    resource: any_normal
                    action_types: listCachedAndActiveUsers
                -
                    resource: any_normal
                    action_types: listSessions
                -
                    resource: exact_ns
                    action_types: find
                -
                    resource: exact_ns
                    action_types: bypassDocumentValidation
                -
                    resource: exact_ns
                    action_types: operationMetrics
                -
                    resource: exact_ns
                    action_types: [insert, remove, bypassDocumentValidation]
                -
                    resource: exact_ns
                    action_types: planCacheRead
                -
                    resource: cluster
                    action_types: fsync
                -
                    resource: exact_ns
                    action_types: merge



 Comments   
Comment by Githook User [ 31/Mar/21 ]

Author:

{'name': 'Mark Benvenuto', 'email': 'mark.benvenuto@mongodb.com', 'username': 'markbenvenuto'}

Message: SERVER-54529 Add access_check: complex to the aggregate command
Branch: master
https://github.com/mongodb/mongo/commit/14cbe5bceb4319b8eac584de16927f68a61af254

Generated at Thu Feb 08 05:33:48 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.