[SERVER-55049] access control: backup/restore roles should work with time-series collections Created: 08/Mar/21  Updated: 14/May/21  Resolved: 14/May/21

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: Geert Bosch Assignee: Michael Gargiulo
Resolution: Duplicate Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Duplicate
Related
is related to TOOLS-2857 Dump timeseries collections Closed
is related to TOOLS-2859 Restore timeseries collections Closed
Sprint: Execution Team 2021-05-03, Execution Team 2021-05-17, Execution Team 2021-05-31
Participants:

 Description   

These roles should give enough permissions to backup and restore time-series collections including any secondary indexes defined on them.

The relevant privileges for the backup and restore roles are defined in the code here:

The time-series collection is considered a normal resource in the access control system. However, this does not apply to the buckets collection because it resides in the system.buckets namespace.

The AuthorizationSessionImpl::buildResourceSearchList function is responsible for checking whether an action is allowed to proceed on a resource.


Generated at Thu Feb 08 05:35:18 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.