[SERVER-7767] Add support for new-style privilege documents granting role-based privileges Created: 26/Nov/12  Updated: 02/Aug/18  Resolved: 21/Dec/12

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: 2.3.2

Type: Task Priority: Major - P3
Reporter: Spencer Brody (Inactive) Assignee: Andy Schwerin
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Backwards Compatibility: Fully Compatible
Participants:

 Comments   
Comment by auto [ 20/Dec/12 ]

Author:

{u'date': u'2012-12-19T19:02:40Z', u'email': u'schwerin@10gen.com', u'name': u'Andy Schwerin'}

Message: SERVER-7767 Validate system.users documents on insert and update.
Branch: master
https://github.com/mongodb/mongo/commit/e223993deff1dfd1f054acd01c29759b56a9afb1

Comment by auto [ 20/Dec/12 ]

Author:

{u'date': u'2012-12-19T18:41:05Z', u'email': u'schwerin@10gen.com', u'name': u'Andy Schwerin'}

Message: SERVER-7767 Implement a validator for compatibility and extended privilege documents.

This will be for use in validating inserts and updates to system.users collections.
Branch: master
https://github.com/mongodb/mongo/commit/6c71d937eaa1599d7a233d368d7a9d57c3cf7d4a

Comment by auto [ 19/Dec/12 ]

Author:

{u'date': u'2012-12-17T19:37:37Z', u'email': u'schwerin@10gen.com', u'name': u'Andy Schwerin'}

Message: Make AuthorizationManager::checkAuthForPrivilege/s the authoritative privilege checking methods.

SERVER-7767
Branch: master
https://github.com/mongodb/mongo/commit/ca6558f3fb779cba5720d1c30ef5c216959fcec8

Comment by auto [ 17/Dec/12 ]

Author:

{u'date': u'2012-12-10T19:06:13Z', u'name': u'Andy Schwerin', u'email': u'schwerin@10gen.com'}

Message: SERVER-7767 Support extended privilege document format in the AuthorizationManager.

Includes unit but not integration tests.
Branch: master
https://github.com/mongodb/mongo/commit/50f22ef561c08c56b26e8f4e2bef5636180280f4

Comment by auto [ 14/Dec/12 ]

Author:

{u'date': u'2012-12-11T22:26:58Z', u'email': u'schwerin@10gen.com', u'name': u'Andy Schwerin'}

Message: Reimplement PrivilegeSet.

This new implementation embeds in PrivilegeSet the hierarchical privilege
checking algorithm. This is necessary in order to allow a connection with
multiple authenticated princiapls to correctly resolve whether or not a
command is authorized, given the case where one principal's authority provides
some of the required privileges, and another's provides the rest.

SERVER-7767
Branch: master
https://github.com/mongodb/mongo/commit/9da0609329171710ac085c66038c6399d4e4423b

Generated at Thu Feb 08 03:15:33 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.