[SERVER-9011] User authorisation based on source address Created: 18/Mar/13  Updated: 04/Jun/18  Resolved: 10/May/18

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: 2.2.2
Fix Version/s: None

Type: Improvement Priority: Minor - P4
Reporter: Matthew Parsons Assignee: Spencer Jackson
Resolution: Done Votes: 0
Labels: authentication
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
Participants:

 Description   

User authorisation is at the database level, and access is determined by authentication only.

It would enable greater security to also configure user permissions based on the connection source address. This would be particularly useful in locking down monitoring or backup accounts to their point of ingress only.



 Comments   
Comment by Spencer Jackson [ 10/May/18 ]

It seems like this functionality has been provided by IP whitelisting. As of 3.6, IP restrictions can now be attached to users and roles. They are validated before authentication can complete. Take a look at the documentation for createUser, which describes how this operation can be performed: https://docs.mongodb.com/manual/reference/command/createUser/index.html

Generated at Thu Feb 08 03:19:04 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.