[SERVER-78575] Use wildcard databases in user role privileges (like collections) Created: 30/Jun/23  Updated: 05/Jul/23  Resolved: 05/Jul/23

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: 4.4.7
Fix Version/s: None

Type: Bug Priority: Minor - P4
Reporter: Teddy poujol Assignee: Unassigned
Resolution: Duplicate Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

rhel 7-8


Issue Links:
Duplicate
duplicates SERVER-22951 Using regexp patterns for resource sc... Backlog
Operating System: ALL
Participants:

 Description   

SERVER-48632

db.createRole(
   {
     role: "manageCustomDatabases",
     privileges: [
       { resource: { db: "custom*", collection: "custom.*" }, actions: [ "find", "update", "insert", "remove" ] }
     ],
     ...
   }
)

It would be great to be able to use wildcard databases when creating privileges for user roles, both for the creation of new databases and the management of existing ones.

We need to be able to create roles that enable a multitenant architecture.
For example, in order to dynamically create databases per tenant and per microservice.

We have, for example, 2 microservices: microservice1 and microservice2,
and 2 tenants: tenant 1 and tenant 2.
And we want to create RoleMicroservice1 and RoleMicroservice2.

db.createRole(
   {
     role: "RoleMicroservice1",
     privileges: [
       { resource: { db: "*-microservice1", collection: ".*" }, actions: [ "find", "update", "insert", "remove" ] }
     ],
     ...
   }
)

This would make it easier for administrators to manage permissions for all databases but enable our developers to dynamically create databases without impact on other microservices' databases.
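Added example, not part of the ticket or of MongoDB's code: because a privilege resource document names one database exactly (or "" for any database), the pattern requested above can be approximated by expanding it into exact-name privileges and refreshing the role whenever a tenant database is created. The helper names, the tenant-id character set and the sample database list are assumptions made for illustration.

```javascript
// Emulate the requested "*-microservice1" pattern with exact-name privileges.
const SYSTEM_DBS = new Set(["admin", "local", "config"]);
const ACTIONS = ["find", "update", "insert", "remove"];

// Assumption: a tenant id is letters, digits or underscore. "*" expands to that.
const TENANT_ID = "[A-Za-z0-9_]+";

// Turn a glob into an anchored RegExp; every character except "*" is literal.
function globToRegExp(glob) {
  const literal = glob.split("*").map(p => p.replace(/[.+?^${}()|[\]\\]/g, "\\$&"));
  // Anchoring matters: without ^...$ "tenant1-microservice10" would also match.
  return new RegExp("^" + literal.join(TENANT_ID) + "$");
}

// Build one privilege per matching database; collection "" means every
// non-system collection of that database.
function privilegesFor(glob, dbNames, actions = ACTIONS) {
  const re = globToRegExp(glob);
  return dbNames
    .filter(name => !SYSTEM_DBS.has(name) && re.test(name))
    .sort()
    .map(name => ({ resource: { db: name, collection: "" }, actions: [...actions] }));
}

// Constructed sample of database names, as listDatabases might return them.
const SAMPLE_DBS = [
  "admin", "config",
  "tenant1-microservice1", "tenant2-microservice1",
  "tenant1-microservice2",
  "tenant1-microservice10",        // look-alike suffix, must not match
  "tenant1-microservice1-backup",  // look-alike prefix, must not match
];

function demo() {
  return privilegesFor("*-microservice1", SAMPLE_DBS).map(p => p.resource.db);
}

// In mongosh (not executed here); the role has to live in "admin" to carry
// privileges on other databases:
//   const names = db.adminCommand({ listDatabases: 1, nameOnly: true })
//                   .databases.map(d => d.name);
//   db.getSiblingDB("admin").updateRole("RoleMicroservice1",
//     { privileges: privilegesFor("*-microservice1", names) });
```

A database created after the last refresh is not covered until the role is updated again, so the refresh belongs in the tenant provisioning step.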



 Comments   
Comment by Eric Sedor [ 05/Jul/23 ]

Hi tpoujol@softwaymedical.fr. This does seem like a useful feature that I think we are tracking in SERVER-22951. You can add your use-case to our product teams' consideration by submitting a feature request to our MongoDB Feedback Engine and mentioning that ticket.

I'm going to close this ticket as a duplicate of SERVER-22951.

Thank you,
Eric
