<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 08:24:27 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[DRIVERS-1996] Grant &quot;backup&quot; and &quot;restore&quot; roles to users created by Mongo Orchestration</title>
                <link>https://jira.mongodb.org/browse/DRIVERS-1996</link>
                <project id="10980" key="DRIVERS">Drivers</project>
                    <description>&lt;div class=&quot;panel&quot; style=&quot;background-color: #fafbfc;border-color: #21313c;border-style: solid;border-width: 1px;&quot;&gt;&lt;div class=&quot;panelContent&quot; style=&quot;background-color: #fafbfc;&quot;&gt;
&lt;h3&gt;&lt;a name=&quot;Summary&quot;&gt;&lt;/a&gt;&lt;b&gt;Summary&lt;/b&gt;&lt;/h3&gt;
&lt;p&gt;In &lt;a href=&quot;https://github.com/10gen/mongo-orchestration/blob/e0a9fe87cc3632fd862d8f0811ae432f003baf6c/mongo_orchestration/common.py#L58&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;mongo_orchestration/common.py&lt;/a&gt;, mongo-orchestration currently grants users the following roles on the admin database:&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;userAdminAnyDatabase&lt;/li&gt;
	&lt;li&gt;clusterAdmin&lt;/li&gt;
	&lt;li&gt;dbAdminAnyDatabase&lt;/li&gt;
	&lt;li&gt;readWriteAnyDatabase&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;This omits the &quot;restore&quot; and &quot;backup&quot; roles, the former of which is required to drop non-system collections in the &quot;local&quot; database. This is responsible for at least one test failure in the PHP driver (&lt;a href=&quot;https://jira.mongodb.org/browse/PHPC-2008&quot; title=&quot;writeresult-getserver-002 fails to drop collection in local db on replicaset-auth&quot; class=&quot;issue-link&quot; data-issue-key=&quot;PHPC-2008&quot;&gt;&lt;del&gt;PHPC-2008&lt;/del&gt;&lt;/a&gt;).&lt;/p&gt;

&lt;h3&gt;&lt;a name=&quot;Motivation&quot;&gt;&lt;/a&gt;&lt;b&gt;Motivation&lt;/b&gt;&lt;/h3&gt;
&lt;h4&gt;&lt;a name=&quot;Whoistheaffectedenduser%3F&quot;&gt;&lt;/a&gt;Who is the affected end user?&lt;/h4&gt;
&lt;p&gt;Drivers.&lt;/p&gt;

&lt;h4&gt;&lt;a name=&quot;Howdoesthisaffecttheenduser%3F&quot;&gt;&lt;/a&gt;How does this affect the end user?&lt;/h4&gt;
&lt;p&gt;Unexpected test failure, which likely cannot be addressed with changes to an MO configuration file alone.&lt;/p&gt;

&lt;h4&gt;&lt;a name=&quot;Howlikelyisitthatthisproblemorusecasewilloccur%3F&quot;&gt;&lt;/a&gt;How likely is it that this problem or use case will occur?&lt;/h4&gt;
&lt;p&gt;Very likely if a driver test suite is working with the &quot;local&quot; database.&lt;/p&gt;

&lt;h4&gt;&lt;a name=&quot;Iftheproblemdoesoccur%2Cwhataretheconsequencesandhowseverearethey%3F&quot;&gt;&lt;/a&gt;If the problem does occur, what are the consequences and how severe are they?&lt;/h4&gt;
&lt;p&gt;Failed tests.&lt;/p&gt;

&lt;h4&gt;&lt;a name=&quot;Isthisissueurgent%3F&quot;&gt;&lt;/a&gt;Is this issue urgent?&lt;/h4&gt;
&lt;p&gt;Somewhat.&lt;/p&gt;

&lt;h4&gt;&lt;a name=&quot;Isthisticketrequiredbyadownstreamteam%3F&quot;&gt;&lt;/a&gt;Is this ticket required by a downstream team?&lt;/h4&gt;
&lt;p&gt;Needed by PHPC.&lt;/p&gt;

&lt;h4&gt;&lt;a name=&quot;Isthisticketonlyfortests%3F&quot;&gt;&lt;/a&gt;Is this ticket only for tests?&lt;/h4&gt;
&lt;p&gt;Yes.&lt;/p&gt;
&lt;/div&gt;&lt;/div&gt;</description>
                <environment></environment>
        <key id="1935448">DRIVERS-1996</key>
            <summary>Grant &quot;backup&quot; and &quot;restore&quot; roles to users created by Mongo Orchestration</summary>
                <type id="3" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14718&amp;avatarType=issuetype">Task</type>
                                            <priority id="10300" iconUrl="https://jira.mongodb.org/images/icons/priorities/medium.svg">Unknown</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="13201">Fixed</resolution>
                                        <assignee username="jmikola@mongodb.com">Jeremy Mikola</assignee>
                                    <reporter username="jmikola@mongodb.com">Jeremy Mikola</reporter>
                        <labels>
                    </labels>
                <created>Mon, 29 Nov 2021 23:46:19 +0000</created>
                <updated>Sat, 28 Oct 2023 10:44:39 +0000</updated>
                            <resolved>Thu, 16 Dec 2021 14:02:20 +0000</resolved>
                                                        <component>Mongo Orchestration</component>
                                        <votes>0</votes>
                                    <watches>2</watches>
                                                                                                                <comments>
                            <comment id="4253452" author="jmikola@gmail.com" created="Thu, 16 Dec 2021 14:02:31 +0000"  >&lt;p&gt;&lt;a href=&quot;https://github.com/10gen/mongo-orchestration/commit/4e1ab405fe880ab278617b980476c6e1dacdd5cf&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/10gen/mongo-orchestration/commit/4e1ab405fe880ab278617b980476c6e1dacdd5cf&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="4250239" author="jmikola@gmail.com" created="Wed, 15 Dec 2021 15:44:39 +0000"  >&lt;p&gt;&lt;a href=&quot;https://github.com/10gen/mongo-orchestration/pull/288&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://github.com/10gen/mongo-orchestration/pull/288&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="4216149" author="shane.harvey" created="Mon, 29 Nov 2021 23:57:22 +0000"  >&lt;p&gt;One reason to avoid giving the MO user the root role is that it could prevent us from catching certain permission regressions in the server. I think it should have the least permissions needed since it&apos;s the user we auth with in driver tests.&lt;/p&gt;</comment>
                            <comment id="4216139" author="jmikola@gmail.com" created="Mon, 29 Nov 2021 23:51:59 +0000"  >&lt;p&gt;For context, the current roles granted by MO date back to &lt;a href=&quot;https://github.com/10gen/mongo-orchestration/commit/c9e5ec6083b5f2fd4c3f034e6f35d2111c203a8c&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;10gen/mongo-orchestration@c9e5ec6&lt;/a&gt; and have not been touched in the past seven years.&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10011">
                    <name>Depends</name>
                                                                <inwardlinks description="is depended on by">
                                        <issuelink>
            <issuekey id="1935441">PHPC-2008</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                            <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                    <customfield id="customfield_10951" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Driver Changes</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10940"><![CDATA[Not Needed]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hzvcin:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        </customfields>
    </item>
</channel>
</rss>