[SERVER-65088] Create a privilegeless role called 'directShardOperations' Created: 30/Mar/22 Updated: 29/Oct/23 Resolved: 11/Apr/22 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 6.0.0-rc0 |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Judah Schvimer | Assignee: | Varun Ravichandran |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | RDY | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||||||
| Backwards Compatibility: | Minor Change | ||||||||||||||||||||
| Sprint: | Security 2022-04-18 | ||||||||||||||||||||
| Participants: | |||||||||||||||||||||
| Description |
|
We want to create this "placeholder" role in 6.0.0 that servers no purpose so that 7.0.0 binaries can start blocking direct shard operations (rather than going through a mongos) without having to gate on FCV. Atlas and OM will assign this role to their agents in 6.0 to make the 7.0 transition seamless. In 7.0 the role will start giving users privileges to write directly to shards. |
| Comments |
| Comment by Githook User [ 11/Apr/22 ] |
|
Author: {'name': 'Varun Ravichandran', 'email': 'varun.ravichandran@mongodb.com', 'username': 'varunravi98'}Message: |