[SERVER-8157] Server should allow multiple users stored in the same database to authenticate on the same connection Created: 13/Jan/13  Updated: 10/Dec/14  Resolved: 24/Oct/13

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: 2.3.2
Fix Version/s: None

Type: Improvement Priority: Major - P3
Reporter: Robert Stam Assignee: Unassigned
Resolution: Won't Fix Votes: 1
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
related to SERVER-8144 Authenticating as 2 users on the same... Closed
Backwards Compatibility: Minor Change
Participants:

 Description   

The server currently only allows you to authenticate one user at a time from a given database per connection. Now that we support storing users in one database and granting them access to other databases, here's a reasonable use case:

1. I create users "X" and "Y" in the "users" database
2. I grant "X" access to some databases
3. I grant "Y" access to some other databases
4. I want to authenticate as both "X" and "Y" on the same connection to get access to both sets of databases

This is in contradiction to SERVER-8144 which requests that logging on as "Y" (after "X") will automatically log off "X". But I think the behavior being requested in this JIRA is more logical and useful.

A related change would be that the logout command should have an additional parameter called "username".

This would be slightly backward breaking if a program was counting on the previous behavior, but only in the sense that they would have slightly more privileges than if "X" was automatically logged out.



 Comments   
Comment by Andy Schwerin [ 24/Oct/13 ]

We're trying to move away from multiple authenticated users attached to a single connection, because of its confusing security properties.

Generated at Thu Feb 08 03:16:42 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.