<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 08:10:00 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[DOCS-14282] Investigate changes in SERVER-36263: Bypassing operation validation in applyOps should require special privilege</title>
                <link>https://jira.mongodb.org/browse/DOCS-14282</link>
                <project id="10380" key="DOCS">Documentation</project>
                    <description>&lt;h2&gt;&lt;a name=&quot;Description&quot;&gt;&lt;/a&gt;Description&lt;/h2&gt;

    &lt;div class=&quot;panel&quot; style=&quot;background-color: #c2d2c2;border-width: 1px;&quot;&gt;&lt;div class=&quot;panelHeader&quot; style=&quot;border-bottom-width: 1px;background-color: #239eb0;&quot;&gt;&lt;b&gt;Downstream Change Summary&lt;/b&gt;&lt;/div&gt;&lt;div class=&quot;panelContent&quot; style=&quot;background-color: #c2d2c2;&quot;&gt;
&lt;p&gt;    We are adding a new privilege that must be acquired to be able to perform the&lt;br/&gt;
&quot;applyOps&quot; command.&lt;br/&gt;
ActionType-&amp;gt; applyOps&lt;br/&gt;
Resource-&amp;gt; cluster&lt;/p&gt;
&lt;/div&gt;&lt;/div&gt;

&lt;h2&gt;&lt;a name=&quot;DescriptionofLinkedTicket&quot;&gt;&lt;/a&gt;Description of Linked Ticket&lt;/h2&gt;
&lt;p&gt;    As of&#160;&lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-25994&quot; title=&quot;Allow applyOps to validate authorization permissions at the operation level &quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-25994&quot;&gt;&lt;del&gt;SERVER-25994&lt;/del&gt;&lt;/a&gt;, a user can run &lt;tt&gt;applyOps&lt;/tt&gt; if they have the privileges to perform each individual operation specified in the &lt;tt&gt;applyOps&lt;/tt&gt; command. However, &lt;tt&gt;applyOps&lt;/tt&gt; is more powerful than other commands in that it avoids certain input validation (see&#160;&lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-27096&quot; title=&quot;applyOps should validate its ops to ensure idempotency&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-27096&quot;&gt;SERVER-27096&lt;/a&gt;,&#160;&lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-32941&quot; title=&quot;applyOps command inserts documents without ever calling fixDocumentForInsert()&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-32941&quot;&gt;SERVER-32941&lt;/a&gt;,&#160;&lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-32952&quot; title=&quot;applyOps does not validate updates&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-32952&quot;&gt;SERVER-32952&lt;/a&gt;, and&#160;&lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-32305&quot; title=&quot;Able to create document with array as _id using applyOps&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-32305&quot;&gt;SERVER-32305&lt;/a&gt;). This is done intentionally, since &lt;tt&gt;applyOps&lt;/tt&gt; is supposed to behave similarly to oplog application, where the primary does all validation and the secondary applies the changes exactly as the primary specified without validation. This feature is important to products that mimic oplog application, such as mongomirror and mongorestore. 
However, users should not be able to bypass validation simply because they have permission to write to a collection. Instead, &lt;tt&gt;applyOps&lt;/tt&gt; should require a special privilege for bypassing validation.&lt;/p&gt;

&lt;p&gt;We will create a new privilege for bypassing system-level invariants in &lt;tt&gt;applyOps&lt;/tt&gt;. Today, this privilege will be required in order to run &lt;tt&gt;applyOps&lt;/tt&gt; at all, since we have not implemented a version of &lt;tt&gt;applyOps&lt;/tt&gt; that performs validation. The privilege will be included in &lt;tt&gt;dbAdminAnyDatabase&lt;/tt&gt;, which is included in the custom role &lt;tt&gt;atlasAdmin&lt;/tt&gt; and&#160;the temporary user that we create for Live Imports (mongomirror).&lt;/p&gt;


&lt;h2&gt;&lt;a name=&quot;Scopeofchanges&quot;&gt;&lt;/a&gt;Scope of changes&lt;/h2&gt;

&lt;p&gt;Add new privilege to &lt;a href=&quot;https://docs.mongodb.com/manual/reference/privilege-actions/&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://docs.mongodb.com/manual/reference/privilege-actions/&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;See what roles have this privilege and add the privilege to the corresponding roles on &lt;a href=&quot;https://docs.mongodb.com/manual/reference/built-in-roles/&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://docs.mongodb.com/manual/reference/built-in-roles/&lt;/a&gt;.&lt;/p&gt;

&lt;h2&gt;&lt;a name=&quot;ImpacttoOtherDocs&quot;&gt;&lt;/a&gt;Impact to Other Docs&lt;/h2&gt;

&lt;h2&gt;&lt;a name=&quot;MVP%28WorkandDate%29&quot;&gt;&lt;/a&gt;MVP (Work and Date)&lt;/h2&gt;

&lt;h2&gt;&lt;a name=&quot;Resources%28ScopeorDesignDocs%2CInvision%2Cetc.%29&quot;&gt;&lt;/a&gt;Resources (Scope or Design Docs, Invision, etc.)&lt;/h2&gt;
</description>
                <environment></environment>
        <key id="1645839">DOCS-14282</key>
            <summary>Investigate changes in SERVER-36263: Bypassing operation validation in applyOps should require special privilege</summary>
                <type id="3" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14718&amp;avatarType=issuetype">Task</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="13201">Fixed</resolution>
                                        <assignee username="ian.fogelman@mongodb.com">Ian Fogelman</assignee>
                                    <reporter username="backlog-server-pm">Backlog - Core Eng Program Management Team</reporter>
                        <labels>
                    </labels>
                <created>Wed, 10 Mar 2021 16:08:40 +0000</created>
                <updated>Mon, 13 Nov 2023 17:57:16 +0000</updated>
                            <resolved>Wed, 4 Aug 2021 14:56:31 +0000</resolved>
                                                    <fixVersion>4.9.0</fixVersion>
                    <fixVersion>4.2.16</fixVersion>
                    <fixVersion>4.0.27</fixVersion>
                    <fixVersion>4.4.9</fixVersion>
                    <fixVersion>Server_Docs_20231030</fixVersion>
                    <fixVersion>Server_Docs_20231106</fixVersion>
                    <fixVersion>Server_Docs_20231105</fixVersion>
                    <fixVersion>Server_Docs_20231113</fixVersion>
                                    <component>manual</component>
                    <component>Server</component>
                        <due></due>
                            <votes>0</votes>
                                    <watches>1</watches>
                                                                                                                <comments>
                            <comment id="3978861" author="xgen-internal-githook" created="Tue, 3 Aug 2021 19:11:29 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;name&apos;: &apos;ian fogelman&apos;, &apos;email&apos;: &apos;ian.fogelman@mongodb.com&apos;, &apos;username&apos;: &apos;ianf-mongodb&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/DOCS-14282&quot; title=&quot;Investigate changes in SERVER-36263: Bypassing operation validation in applyOps should require special privilege&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DOCS-14282&quot;&gt;&lt;del&gt;DOCS-14282&lt;/del&gt;&lt;/a&gt;: Bypassing operation validation in applyOps should require special privilege&lt;br/&gt;
Branch: master&lt;br/&gt;
&lt;a href=&quot;https://github.com/mongodb/docs/commit/23d78f2761d25e35d1462b960fe2f55d9871007a&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/mongodb/docs/commit/23d78f2761d25e35d1462b960fe2f55d9871007a&lt;/a&gt;&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10320">
                    <name>Documented</name>
                                            <outwardlinks description="documents">
                                        <issuelink>
            <issuekey id="575778">SERVER-36263</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Tue, 3 Aug 2021 19:11:29 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        2 years, 27 weeks, 1 day ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_10857" key="com.pyxis.greenhopper.jira:gh-epic-link">
                        <customfieldname>Epic Link</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>DOCSP-15042</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>emet.ozar@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            2 years, 27 weeks, 1 day ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>backlog-server-pm</customfieldvalue>
            <customfieldvalue>xgen-internal-githook</customfieldvalue>
            <customfieldvalue>ian.fogelman@mongodb.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hyyy6f:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hyk7l3:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_10557" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="4842">ServerDocs2020: Mar16 - Mar23</customfieldvalue>
    <customfieldvalue id="4851">ServerDocs2020: Mar23 - Mar30</customfieldvalue>
    <customfieldvalue id="4883">ServerDocs2020: Mar30 -  Apr06</customfieldvalue>
    <customfieldvalue id="4909">ServerDocs2020: Apr6 -  Apr13</customfieldvalue>
    <customfieldvalue id="4925">ServerDocs2020: Apr13 -  Apr20</customfieldvalue>
    <customfieldvalue id="4949">ServerDocs2020: Apr20 -  Apr27</customfieldvalue>
    <customfieldvalue id="4977">ServerDocs2020: Apr27 -  May4</customfieldvalue>
    <customfieldvalue id="5002">ServerDocs2020: May4 -  May11</customfieldvalue>
    <customfieldvalue id="5045">ServerDocs2020: May11 -  May18</customfieldvalue>
    <customfieldvalue id="5061">ServerDocs2020: May18 -  May25</customfieldvalue>
    <customfieldvalue id="5099">ServerDocs2020: May25 -  Jun1</customfieldvalue>
    <customfieldvalue id="5345">ServerDocs2021: Aug3 - Aug10</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_10555" key="com.atlassian.jira.plugin.system.customfieldtypes:float">
                        <customfieldname>Story Points</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hyykfj:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                </customfields>
    </item>
</channel>
</rss>