[SERVER-7891] Add createCollection ActionType to the required privileges needed to run MapReduce when necessary Created: 10/Dec/12  Updated: 10/Dec/14  Resolved: 17/Sep/13

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Major - P3
Reporter: Spencer Brody (Inactive) Assignee: Andy Schwerin
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Duplicate
is duplicated by SERVER-10290 Add createCollection to map reduce's ... Closed
Participants:

 Description   

MapReduce should require permission for the createCollection action if the output collection specified doesn't currently exist. This requires having a way to check for the existence of a collection that will work in mongos or mongod.

It's acceptable that it doesn't currently require this privilege because there is currently you can't have insert permission (which is also required by MR when outputting to a collection) without also having createCollection permission (since they're both granted by the readWrite role). This will need to be fixed before we allow user-defined roles.



 Comments   
Comment by Andy Schwerin [ 17/Sep/13 ]

Collection creation will remain implicit in insert privilege, as the behavior is implicit in the insert activity.

Generated at Thu Feb 08 03:15:52 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.