[SERVER-55049] access control: backup/restore roles should work with time-series collections Created: 08/Mar/21 Updated: 14/May/21 Resolved: 14/May/21 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Geert Bosch | Assignee: | Michael Gargiulo |
| Resolution: | Duplicate | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||
| Sprint: | Execution Team 2021-05-03, Execution Team 2021-05-17, Execution Team 2021-05-31 | ||||||||||||||||
| Participants: | |||||||||||||||||
| Description |
|
These roles should give enough permissions to backup and restore time-series collections including any secondary indexes defined on them. The relevant privileges for the backup and restore roles are defined in the code here:
The time-series collection is considered a normal resource in the access control system. However, this does not apply to the buckets collection because it resides in the system.buckets namespace. The AuthorizationSessionImpl::buildResourceSearchList function is responsible for checking whether an action is allowed to proceed on a resource. |