[SERVER-9011] User authorisation based on source address
| Created: | 18/Mar/13 | Updated: | 04/Jun/18 | Resolved: | 10/May/18 |
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | 2.2.2 |
| Fix Version/s: | None |
| Type: | Improvement | Priority: | Minor - P4 |
| Reporter: | Matthew Parsons | Assignee: | Spencer Jackson |
| Resolution: | Done | Votes: | 0 |
| Labels: | authentication |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Description |

User authorisation is at the database level, and access is determined by authentication only. It would enable greater security to also configure user permissions based on the connection source address. This would be particularly useful in locking down monitoring or backup accounts to their point of ingress only.
| Comments |
| Comment by Spencer Jackson [ 10/May/18 ] |

It seems like this functionality has been provided by IP whitelisting. As of 3.6, IP restrictions can now be attached to users and roles. They are validated before authentication can complete. Take a look at the documentation for createUser, which describes how this operation can be performed: https://docs.mongodb.com/manual/reference/command/createUser/index.html
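
Added example, not part of the ticket or of MongoDB's own code: a `createUser` command document that pins a backup account to its point of ingress through `authenticationRestrictions`, with a small IPv4-only model for checking which connections the restriction would admit. The account name, addresses and helper functions are constructed for illustration, and the matching model is a simplified assumption about how the server evaluates the restriction.

```javascript
// Added example: IPv4-only model; user name, addresses and helpers are constructed.
function ipv4ToInt(ip) {
  const parts = ip.split(".");
  if (parts.length !== 4 || parts.some((p) => !/^\d{1,3}$/.test(p) || Number(p) > 255)) {
    throw new Error("not an IPv4 address: " + ip);
  }
  return parts.reduce((acc, p) => acc * 256 + Number(p), 0);
}

// True if ip equals entry, or falls inside entry when entry is a CIDR range.
function inRange(ip, entry) {
  const [base, bitsText] = entry.split("/");
  const bits = bitsText === undefined ? 32 : Number(bitsText);
  if (!Number.isInteger(bits) || bits < 0 || bits > 32) throw new Error("bad prefix: " + entry);
  const size = 2 ** (32 - bits);
  return Math.floor(ipv4ToInt(ip) / size) === Math.floor(ipv4ToInt(base) / size);
}

// Build the createUser command document (MongoDB 3.6+) for a source-pinned account.
function buildRestrictedUser(user, pwd, roles, clientSource, serverAddress) {
  if (!clientSource.length) throw new Error("clientSource must not be empty");
  // Reject malformed entries before the command ever reaches the server.
  clientSource.concat(serverAddress || []).forEach((e) => inRange("0.0.0.0", e));
  const restriction = { clientSource };
  if (serverAddress) restriction.serverAddress = serverAddress;
  return { createUser: user, pwd, roles, authenticationRestrictions: [restriction] };
}

// Simplified model (assumption): a restriction document admits a connection only if
// every field it lists matches; the user is admitted if some document does.
function wouldAdmit(cmd, clientIp, serverIp) {
  return cmd.authenticationRestrictions.some((r) =>
    (!r.clientSource || r.clientSource.some((e) => inRange(clientIp, e))) &&
    (!r.serverAddress || r.serverAddress.some((e) => inRange(serverIp, e))));
}

// Backup agent allowed only from the backup subnet, and only via one server address.
const backupCmd = buildRestrictedUser(
  "backupAgent", "<replace-with-secret>", [{ role: "backup", db: "admin" }],
  ["10.20.30.0/28"], ["10.20.0.5"]);

// In mongosh: db.getSiblingDB("admin").runCommand(backupCmd)
console.log(JSON.stringify(backupCmd, null, 2));
```
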