[SERVER-65088] Create a privilegeless role called 'directShardOperations' Created: 30/Mar/22  Updated: 29/Oct/23  Resolved: 11/Apr/22

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 6.0.0-rc0

Type: Task Priority: Major - P3
Reporter: Judah Schvimer Assignee: Varun Ravichandran
Resolution: Fixed Votes: 0
Labels: RDY
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
is depended on by TOOLS-3091 Investigate changes in SERVER-65088: ... Closed
Documented
is documented by DOCS-15228 [Server] Investigate changes in SERVE... Closed
Problem/Incident
Backwards Compatibility: Minor Change
Sprint: Security 2022-04-18
Participants:

 Description   

We want to create this "placeholder" role in 6.0.0 that servers no purpose so that 7.0.0 binaries can start blocking direct shard operations (rather than going through a mongos) without having to gate on FCV. Atlas and OM will assign this role to their agents in 6.0 to make the 7.0 transition seamless. In 7.0 the role will start giving users privileges to write directly to shards.



 Comments   
Comment by Githook User [ 11/Apr/22 ]

Author:

{'name': 'Varun Ravichandran', 'email': 'varun.ravichandran@mongodb.com', 'username': 'varunravi98'}

Message: SERVER-65088: Create privilegeless directShardOperations built-in role
Branch: master
https://github.com/mongodb/mongo/commit/cd2230917f4b59c707b644a45fbfe81f581a4ff7

Generated at Thu Feb 08 06:01:50 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.