<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 02:53:33 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-258] Read-only user</title>
                <link>https://jira.mongodb.org/browse/SERVER-258</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;It would be nice if the auth system supported both full-access users and read-only accounts. Even better if you can support requiring auth only for modification and not for queries, eval, group, etc. There would need to be some way to prevent modification even in server-side JS code.&lt;/p&gt;

&lt;p&gt;I&apos;m working on an internal web front-end to query the db and it would be great if users could safely write their own group-by queries when the provided aggregators prove insufficient. If I allow that now there is a risk that they could destroy data.&lt;/p&gt;</description>
                <environment></environment>
        <key id="10486">SERVER-258</key>
            <summary>Read-only user</summary>
                <type id="4" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14710&amp;avatarType=issuetype">Improvement</type>
                                            <priority id="4" iconUrl="https://jira.mongodb.org/images/icons/priorities/minor.svg">Minor - P4</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="9">Done</resolution>
                                        <assignee username="aaron">Aaron Staple</assignee>
                                    <reporter username="mathias@mongodb.com">Mathias Stearn</reporter>
                        <labels>
                    </labels>
                <created>Tue, 25 Aug 2009 17:46:08 +0000</created>
                <updated>Tue, 12 Jul 2016 00:29:40 +0000</updated>
                            <resolved>Tue, 2 Feb 2010 19:01:09 +0000</resolved>
                                                    <fixVersion>1.3.2</fixVersion>
                                    <component>Admin</component>
                                        <votes>4</votes>
                                    <watches>4</watches>
                                                                                                                <comments>
                            <comment id="99166" author="toothrot" created="Thu, 15 Mar 2012 14:41:04 +0000"  >&lt;p&gt;I agree with Mr. Waldvogel. I believe this is a useful option, and I interpreted the option the same way he did (i.e. only write operations require authentication, not that some users can only write). Will this be reconsidered, or should a new ticket be opened?&lt;/p&gt;</comment>
                            <comment id="92037" author="bwaldvogel" created="Fri, 24 Feb 2012 19:54:40 +0000"  >&lt;p&gt;I understood --authWriteOnly differently. In the wiki I found the following sentence:&lt;br/&gt;
&quot;To run the database with security checking for writes only, use the --authWriteOnly option.&quot;&lt;/p&gt;

&lt;p&gt;Which makes total sense to me and is actually the exact use case that I have:&lt;br/&gt;
Unauthenticated users should be able to perform read-only operations. But as soon as a write operation is done, it will fail unless the user is authenticated.&lt;/p&gt;</comment>
                            <comment id="91821" author="eliot" created="Fri, 24 Feb 2012 13:36:48 +0000"  >&lt;p&gt;Write-only users don&apos;t make much sense in the general case, as you can&apos;t see what you write, and we are trying to keep the number of options smaller.&lt;/p&gt;</comment>
                            <comment id="91778" author="bwaldvogel" created="Fri, 24 Feb 2012 08:50:57 +0000"  >&lt;p&gt;What is the reason that --authWriteOnly was removed?&lt;/p&gt;</comment>
                            <comment id="12201" author="auto" created="Mon, 8 Feb 2010 19:52:52 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;login&apos;: &apos;astaple&apos;, &apos;name&apos;: &apos;Aaron&apos;, &apos;email&apos;: &apos;aaron@10gen.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-258&quot; title=&quot;Read-only user&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-258&quot;&gt;&lt;del&gt;SERVER-258&lt;/del&gt;&lt;/a&gt; removing --authWriteOnly mode at Eliot&apos;s request&lt;br/&gt;
&lt;a href=&quot;http://github.com/mongodb/mongo/commit/04ef27cb4f32c5f17f70d19ca003ce72c0d5e35b&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;http://github.com/mongodb/mongo/commit/04ef27cb4f32c5f17f70d19ca003ce72c0d5e35b&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="12101" author="auto" created="Tue, 2 Feb 2010 20:45:22 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;login&apos;: &apos;astaple&apos;, &apos;name&apos;: &apos;Aaron&apos;, &apos;email&apos;: &apos;aaron@10gen.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-258&quot; title=&quot;Read-only user&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-258&quot;&gt;&lt;del&gt;SERVER-258&lt;/del&gt;&lt;/a&gt; add test for copying a database&lt;br/&gt;
&lt;a href=&quot;http://github.com/mongodb/mongo/commit/7bc4b39c8c28a1094374172ef49f5bf8fdc62d1d&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;http://github.com/mongodb/mongo/commit/7bc4b39c8c28a1094374172ef49f5bf8fdc62d1d&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="12092" author="auto" created="Tue, 2 Feb 2010 16:53:02 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;login&apos;: &apos;astaple&apos;, &apos;name&apos;: &apos;Aaron&apos;, &apos;email&apos;: &apos;aaron@10gen.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-258&quot; title=&quot;Read-only user&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-258&quot;&gt;&lt;del&gt;SERVER-258&lt;/del&gt;&lt;/a&gt; test debug&lt;br/&gt;
&lt;a href=&quot;http://github.com/mongodb/mongo/commit/95574b3c9ec842ac7636be8e8013150f110e2a59&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;http://github.com/mongodb/mongo/commit/95574b3c9ec842ac7636be8e8013150f110e2a59&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="12088" author="auto" created="Tue, 2 Feb 2010 16:17:10 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;login&apos;: &apos;astaple&apos;, &apos;name&apos;: &apos;Aaron&apos;, &apos;email&apos;: &apos;aaron@10gen.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-258&quot; title=&quot;Read-only user&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-258&quot;&gt;&lt;del&gt;SERVER-258&lt;/del&gt;&lt;/a&gt; test debug&lt;br/&gt;
&lt;a href=&quot;http://github.com/mongodb/mongo/commit/a34be8d49938beec19ed83769537483013d8d581&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;http://github.com/mongodb/mongo/commit/a34be8d49938beec19ed83769537483013d8d581&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="12077" author="auto" created="Tue, 2 Feb 2010 13:10:40 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;login&apos;: &apos;astaple&apos;, &apos;name&apos;: &apos;Aaron&apos;, &apos;email&apos;: &apos;aaron@10gen.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-258&quot; title=&quot;Read-only user&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-258&quot;&gt;&lt;del&gt;SERVER-258&lt;/del&gt;&lt;/a&gt; group work with read only mode&lt;br/&gt;
&lt;a href=&quot;http://github.com/mongodb/mongo/commit/53998ac7fc1058ded4eebbb94cba940521446f5e&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;http://github.com/mongodb/mongo/commit/53998ac7fc1058ded4eebbb94cba940521446f5e&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="12076" author="auto" created="Tue, 2 Feb 2010 13:10:38 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;login&apos;: &apos;astaple&apos;, &apos;name&apos;: &apos;Aaron&apos;, &apos;email&apos;: &apos;aaron@10gen.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-258&quot; title=&quot;Read-only user&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-258&quot;&gt;&lt;del&gt;SERVER-258&lt;/del&gt;&lt;/a&gt; make db.eval work with read only mode&lt;br/&gt;
&lt;a href=&quot;http://github.com/mongodb/mongo/commit/946d42e8e718d0e11ab3389c286b5ae41a23d5e7&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;http://github.com/mongodb/mongo/commit/946d42e8e718d0e11ab3389c286b5ae41a23d5e7&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="12040" author="aaron" created="Thu, 28 Jan 2010 13:32:23 +0000"  >&lt;p&gt;Oops, should have read the bug more carefully.  This doesn&apos;t work for db.eval or group() yet.&lt;/p&gt;</comment>
                            <comment id="12012" author="aaron" created="Tue, 26 Jan 2010 20:43:54 +0000"  >&lt;p&gt;You can now give a user read only access by setting the readOnly field in the user config object to true.  So, for example:&lt;/p&gt;

{ &quot;user&quot;: &quot;foo&quot;, &quot;pass&quot;: &quot;...&quot;, &quot;readOnly&quot;: true }

&lt;p&gt;There&apos;s also a new --authWriteOnly option where only writes have security checking.&lt;/p&gt;</comment>
                            <comment id="12011" author="auto" created="Tue, 26 Jan 2010 20:41:51 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;login&apos;: &apos;astaple&apos;, &apos;name&apos;: &apos;Aaron&apos;, &apos;email&apos;: &apos;aaron@10gen.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-258&quot; title=&quot;Read-only user&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-258&quot;&gt;&lt;del&gt;SERVER-258&lt;/del&gt;&lt;/a&gt; current op should probably be read only authorized afterall&lt;br/&gt;
&lt;a href=&quot;http://github.com/mongodb/mongo/commit/2fc5cd666f9906911fc66f7c18ac9c397989bc5b&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;http://github.com/mongodb/mongo/commit/2fc5cd666f9906911fc66f7c18ac9c397989bc5b&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="12010" author="auto" created="Tue, 26 Jan 2010 20:41:50 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;login&apos;: &apos;astaple&apos;, &apos;name&apos;: &apos;Aaron&apos;, &apos;email&apos;: &apos;aaron@10gen.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-258&quot; title=&quot;Read-only user&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-258&quot;&gt;&lt;del&gt;SERVER-258&lt;/del&gt;&lt;/a&gt; add authWriteOnly mode&lt;br/&gt;
&lt;a href=&quot;http://github.com/mongodb/mongo/commit/6ba9f4c9bc4556e3c99d1253ccd18c0011ca9e3b&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;http://github.com/mongodb/mongo/commit/6ba9f4c9bc4556e3c99d1253ccd18c0011ca9e3b&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="12009" author="auto" created="Tue, 26 Jan 2010 20:41:49 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;login&apos;: &apos;astaple&apos;, &apos;name&apos;: &apos;Aaron&apos;, &apos;email&apos;: &apos;aaron@10gen.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-258&quot; title=&quot;Read-only user&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-258&quot;&gt;&lt;del&gt;SERVER-258&lt;/del&gt;&lt;/a&gt; add smokeAuth target&lt;br/&gt;
&lt;a href=&quot;http://github.com/mongodb/mongo/commit/990092ce3d105d88a5f857e7c2dd196868324dcf&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;http://github.com/mongodb/mongo/commit/990092ce3d105d88a5f857e7c2dd196868324dcf&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="12008" author="auto" created="Tue, 26 Jan 2010 20:41:48 +0000"  >&lt;p&gt;Author:&lt;/p&gt;
{&apos;login&apos;: &apos;astaple&apos;, &apos;name&apos;: &apos;Aaron&apos;, &apos;email&apos;: &apos;aaron@10gen.com&apos;}
&lt;p&gt;Message: &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-258&quot; title=&quot;Read-only user&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-258&quot;&gt;&lt;del&gt;SERVER-258&lt;/del&gt;&lt;/a&gt; add readOnly auth mode&lt;br/&gt;
&lt;a href=&quot;http://github.com/mongodb/mongo/commit/dcce5e795e5728214d6973a2e4f7168d05b22ecf&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;http://github.com/mongodb/mongo/commit/dcce5e795e5728214d6973a2e4f7168d05b22ecf&lt;/a&gt;&lt;/p&gt;</comment>
                            <comment id="11268" author="redbeard0531" created="Thu, 3 Dec 2009 14:22:59 +0000"  >&lt;p&gt;Read-Write Lock work should make implementing read-only users pretty easy&lt;/p&gt;</comment>
                    </comments>
                    <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>17.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Tue, 26 Jan 2010 20:41:48 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        11 years, 48 weeks, 6 days ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>ramon.fernandez@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            11 years, 48 weeks, 6 days ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>aaron</customfieldvalue>
            <customfieldvalue>auto</customfieldvalue>
            <customfieldvalue>bwaldvogel</customfieldvalue>
            <customfieldvalue>eliot</customfieldvalue>
            <customfieldvalue>mathias@mongodb.com</customfieldvalue>
            <customfieldvalue>toothrot</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hrpwcn:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hriv9z:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>23720</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hs9vxj:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>