[SERVER-83600] Grant the builtin role clusterMonitor privileges to any_system_bucket Created: 27/Nov/23  Updated: 12/Dec/23  Resolved: 12/Dec/23

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: 7.3.0-rc0

Type: Bug Priority: Major - P3
Reporter: Mark Benvenuto Assignee: Niaz Pavel
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Assigned Teams:
Server Security
Backwards Compatibility: Fully Compatible
Operating System: ALL
Sprint: Security 2023-12-11, Security 2023-12-25
Participants:

 Description   

clusterMonitor has the following privileges on any_normal.

            - matchType: any_normal
              actions: &clusterMonitorRoleDatabaseActions
                  - collStats
                  - dbStats
                  - getDatabaseVersion
                  - getShardVersion
                  - indexStats

The same should be granted to any_system_buckets.



 Comments   
Comment by Niaz Pavel [ 12/Dec/23 ]

https://github.com/10gen/mongo/pull/17462

Comment by Githook User [ 12/Dec/23 ]

Author:

{'name': 'Niaz Pavel', 'email': 'niaz.pavel@mongodb.com', 'username': 'niazpavelatmongo'}

Message: SERVER-83600 Grant the builtin role clusterMonitor privileges to any_system_bucket.

GitOrigin-RevId: d9ec24d59d7e13fd888a59750d017d993f2f0e4e
Branch: master
https://github.com/mongodb/mongo/commit/3a4c44e7bdf0353cdc603d8fd98ae542905e1558

Comment by Niaz Pavel [ 07/Dec/23 ]

Mark is reviewing my code.

Generated at Thu Feb 08 06:52:39 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.