[SERVER-70822] Consider restricting built-in roles permissions on system.buckets collections Created: 24/Oct/22  Updated: 25/Sep/23  Resolved: 25/Sep/23

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Improvement Priority: Major - P3
Reporter: Gregory Noma Assignee: [DO NOT USE] Backlog - Storage Execution NAMER
Resolution: Won't Fix Votes: 0
Labels: time-series
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
related to SERVER-61589 Disallow users from creating collecti... Closed
Assigned Teams:
Storage Execution NAMER
Participants:

 Description   

Some built-in roles like readWriteAnyDatabase allow creating and performing other operations directly on a system.buckets collection. Since these collections should be manipulated as a time-series collection rather than directly, we should consider removing some of these permissions. Note that it won't fully disallow these operations since custom roles can always be created which explicitly grant these permissions, but it would have to be more deliberate.


Generated at Thu Feb 08 06:17:13 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.