[SERVER-69713] Test that cluster* commands on mongod cannot be run by user without the internal action privilege Created: 14/Sep/22 Updated: 12/Dec/23 |
|
| Status: | Backlog |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Cheahuychou Mao | Assignee: | Backlog - Cluster Scalability |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | sharding-nyc-subteam2 | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||
| Assigned Teams: |
Cluster Scalability
|
||||
| Participants: | |||||
| Linked BF Score: | 5 | ||||
| Story Points: | 2 | ||||
| Description |
|
We have test coverage in commands_builtin_roles_standalone.js (i.e. for mongod) that the cluster* commands (e.g. here) can be run by a user with the "internal" action privilege but there is currently no test that verifies that a user without the "internal" action privilege can't run these commands. |