[SERVER-79071] Add new privilege action type for non-tokenized $queryStats invocation Created: 18/Jul/23 Updated: 29/Oct/23 Resolved: 28/Jul/23 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 7.1.0-rc0 |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Charlie Swanson | Assignee: | Naama Bareket |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | customer-security-and-privacy-considerations | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||
| Assigned Teams: |
Query Optimization
|
||||||||||||
| Backwards Compatibility: | Fully Compatible | ||||||||||||
| Participants: | |||||||||||||
| Description |
|
We want non-tokenized invocations to demand an explicit privilege action, and so we also need to change the $queryStats stage to say that invocations without 'transformIdentifiers' are not allowed with only the queryStatsRead privilege. At the time of this filing it's still being discussed whether this should be part of the clusterManager role by default like the existing action |
| Comments |
| Comment by Githook User [ 28/Jul/23 ] |
|
Author: {'name': 'Naama Bareket', 'email': 'naama.bareket@mongodb.com', 'username': 'naama-bareket'}Message: |