[SERVER-7891] Add createCollection ActionType to the required privileges needed to run MapReduce when necessary Created: 10/Dec/12 Updated: 10/Dec/14 Resolved: 17/Sep/13 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Spencer Brody (Inactive) | Assignee: | Andy Schwerin |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||
| Participants: | |||||||||
| Description |
|
MapReduce should require permission for the createCollection action if the output collection specified doesn't currently exist. This requires having a way to check for the existence of a collection that will work in mongos or mongod. It's acceptable that it doesn't currently require this privilege because there is currently you can't have insert permission (which is also required by MR when outputting to a collection) without also having createCollection permission (since they're both granted by the readWrite role). This will need to be fixed before we allow user-defined roles. |
| Comments |
| Comment by Andy Schwerin [ 17/Sep/13 ] |
|
Collection creation will remain implicit in insert privilege, as the behavior is implicit in the insert activity. |