<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 07:40:35 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[DOCS-1250] Document that system.users access is blocked for readOnly users</title>
                <link>https://jira.mongodb.org/browse/DOCS-1250</link>
                <project id="10380" key="DOCS">Documentation</project>
                    <description>&lt;p&gt;On the security practices page we don&apos;t mention that read-only users cannot access the system.users collection for a given DB. We mention explicitly that readOnly users have read access to all collections in a db.&lt;br/&gt;
&lt;a href=&quot;http://docs.mongodb.org/manual/administration/security/#security-authentication&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;http://docs.mongodb.org/manual/administration/security/#security-authentication&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;We document it here. &lt;a href=&quot;http://docs.mongodb.org/manual/tutorial/control-access-to-mongodb-with-authentication/#password-hashing-insecurity&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;http://docs.mongodb.org/manual/tutorial/control-access-to-mongodb-with-authentication/#password-hashing-insecurity&lt;/a&gt;&lt;/p&gt;</description>
                <environment></environment>
        <key id="68756">DOCS-1250</key>
            <summary>Document that system.users access is blocked for readOnly users</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="9">Done</resolution>
                                        <assignee username="sam.kleinman">Sam Kleinman</assignee>
                                    <reporter username="david.hows">David Hows</reporter>
                        <labels>
                    </labels>
                <created>Mon, 18 Mar 2013 06:48:39 +0000</created>
                <updated>Wed, 20 Mar 2013 14:12:20 +0000</updated>
                            <resolved>Wed, 20 Mar 2013 14:10:36 +0000</resolved>
                                                                        <due></due>
                            <votes>0</votes>
                                    <watches>3</watches>
                                                                                                                <comments>
                            <comment id="293892" author="auto" created="Wed, 20 Mar 2013 14:12:20 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{u&apos;date&apos;: u&apos;2013-03-20T05:32:33Z&apos;, u&apos;name&apos;: u&apos;Michael C. Harris&apos;, u&apos;email&apos;: u&apos;michael@twofishcreative.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/DOCS-1250&quot; title=&quot;Document that system.users access is blocked for readOnly users&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DOCS-1250&quot;&gt;&lt;del&gt;DOCS-1250&lt;/del&gt;&lt;/a&gt;: Read-only users can&apos;t read system.users.&lt;/p&gt;

&lt;p&gt;Users with read only access to the admin database can&apos;t read the&lt;br/&gt;
system.users collection. I considered adding a link to [Password Hashing&lt;br/&gt;
Insecurity](&lt;a href=&quot;http://docs.mongodb.org/manual/tutorial/control-access-to-mongodb-with-authentication/#password-hashing-insecurity&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;http://docs.mongodb.org/manual/tutorial/control-access-to-mongodb-with-authentication/#password-hashing-insecurity&lt;/a&gt;)&lt;br/&gt;
but it doesn&apos;t add value.&lt;/p&gt;

&lt;p&gt;It&apos;s only fair that I patch this, since it was my support ticket that&lt;br/&gt;
caused it to be opened in the first place.&lt;/p&gt;

&lt;p&gt;Signed-off-by: Sam Kleinman &amp;lt;samk@10gen.com&amp;gt;&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/docs/commit/2e2cc49ca57a93fe68293e7b9996982ede333070&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/docs/commit/2e2cc49ca57a93fe68293e7b9996982ede333070&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="293888" author="auto" created="Wed, 20 Mar 2013 14:11:30 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{u&apos;date&apos;: u&apos;2013-03-20T05:32:33Z&apos;, u&apos;name&apos;: u&apos;Michael C. Harris&apos;, u&apos;email&apos;: u&apos;michael@twofishcreative.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/DOCS-1250&quot; title=&quot;Document that system.users access is blocked for readOnly users&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DOCS-1250&quot;&gt;&lt;del&gt;DOCS-1250&lt;/del&gt;&lt;/a&gt;: Read-only users can&apos;t read system.users.&lt;/p&gt;

&lt;p&gt;Users with read only access to the admin database can&apos;t read the&lt;br/&gt;
system.users collection. I considered adding a link to [Password Hashing&lt;br/&gt;
Insecurity](&lt;a href=&quot;http://docs.mongodb.org/manual/tutorial/control-access-to-mongodb-with-authentication/#password-hashing-insecurity&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;http://docs.mongodb.org/manual/tutorial/control-access-to-mongodb-with-authentication/#password-hashing-insecurity&lt;/a&gt;)&lt;br/&gt;
but it doesn&apos;t add value.&lt;/p&gt;

&lt;p&gt;It&apos;s only fair that I patch this, since it was my support ticket that&lt;br/&gt;
caused it to be opened in the first place.&lt;/p&gt;

&lt;p&gt;Signed-off-by: Sam Kleinman &amp;lt;samk@10gen.com&amp;gt;&lt;br/&gt;
Branch: v2.2&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/docs/commit/f84e407daeeff49ee4d2d7b5adc71c5e1e1b3f84&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/docs/commit/f84e407daeeff49ee4d2d7b5adc71c5e1e1b3f84&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="293883" author="samk" created="Wed, 20 Mar 2013 14:10:36 +0000"  >&lt;p&gt;Resolved by community pull request.&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                            <outwardlinks description="related to">
                                                        </outwardlinks>
                                                        </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>3.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Wed, 20 Mar 2013 14:10:36 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        10 years, 48 weeks ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>jess.mokrzecki@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            10 years, 48 weeks ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>auto</customfieldvalue>
            <customfieldvalue>david.hows</customfieldvalue>
            <customfieldvalue>sam.kleinman</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hrrzvj:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hrmrc7:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>46514</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hryfy7:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                </customfields>
    </item>
</channel>
</rss>