<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 03:02:22 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-3198] Ability to restrict operations by role</title>
                <link>https://jira.mongodb.org/browse/SERVER-3198</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;Feature:&lt;br/&gt;
Ability to restrict the operations a user can perform. For example, an admin and create and drop indexes but cannot perform a find on a collection. &lt;/p&gt;

&lt;p&gt;Needed for SOX and other regulatory reasons that access to the data content must be restricted.&lt;/p&gt;

&lt;p&gt;Use Case:&lt;br/&gt;
Jim is a DBA for a financial application for Mega Corp. He needs access to the database to ensure that the database is working efficiently, perform backups etc. He needs to create and drop indexes when needed, add shards etc. However, because of the nature of the data, his organizations data security policy states that he cannot view any of the financial data stored in the database. Therefore he is prevented from issuing a db.foo.find() command, running map/reduce jobs etc.&lt;/p&gt;

&lt;p&gt;Proposed Role Delineations:&lt;/p&gt;

&lt;div class=&apos;table-wrap&apos;&gt;
&lt;table class=&apos;confluenceTable&apos;&gt;&lt;tbody&gt;
&lt;tr&gt;
&lt;th class=&apos;confluenceTh&apos;&gt;name&lt;/th&gt;
&lt;td class=&apos;confluenceTd&apos;&gt;description of privilege&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td class=&apos;confluenceTd&apos;&gt;read&lt;/td&gt;
&lt;td class=&apos;confluenceTd&apos;&gt;ability to query data in any collection in the database, other than &apos;system.users&apos;, and also ability to run any command without an A or W attribute &lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td class=&apos;confluenceTd&apos;&gt;readWrite&lt;/td&gt;
&lt;td class=&apos;confluenceTd&apos;&gt;everything permitted by &apos;read&apos; privilege, and also the ability to insert, update,&lt;br/&gt;
 or remove documents or indexes in any collection other than &apos;system.users&apos;, and also the ability to run any command without an A attribute&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td class=&apos;confluenceTd&apos;&gt;userAdmin&lt;/td&gt;
&lt;td class=&apos;confluenceTd&apos;&gt;ability to read and write the &apos;system.users&apos; collection&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td class=&apos;confluenceTd&apos;&gt;dbAdmin&lt;/td&gt;
&lt;td class=&apos;confluenceTd&apos;&gt;ability to run admin commands affecting a single database; see list below&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td class=&apos;confluenceTd&apos;&gt;serverAdmin&lt;/td&gt;
&lt;td class=&apos;confluenceTd&apos;&gt;ability to run admin commands affecting the entire database server; Can only be set on admin database; see discussion&lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td class=&apos;confluenceTd&apos;&gt;clusterAdmin&lt;/td&gt;
&lt;td class=&apos;confluenceTd&apos;&gt;admin commands for a cluster of shards or a replica set; Can only be set on admin database&lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;&lt;/table&gt;
&lt;/div&gt;
</description>
                <environment></environment>
        <key id="17923">SERVER-3198</key>
            <summary>Ability to restrict operations by role</summary>
                <type id="2" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14711&amp;avatarType=issuetype">New Feature</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="9">Done</resolution>
                                        <assignee username="schwerin@mongodb.com">Andy Schwerin</assignee>
                                    <reporter username="alvin">Alvin Richards</reporter>
                        <labels>
                    </labels>
                <created>Sun, 5 Jun 2011 19:04:54 +0000</created>
                <updated>Tue, 12 Jul 2016 00:18:16 +0000</updated>
                            <resolved>Fri, 4 Jan 2013 16:15:35 +0000</resolved>
                                    <version>1.8.1</version>
                                    <fixVersion>2.3.2</fixVersion>
                                    <component>Security</component>
                                        <votes>0</votes>
                                    <watches>6</watches>
                                                                                                                <comments>
                            <comment id="230970" author="schwerin" created="Fri, 4 Jan 2013 16:15:35 +0000"  >&lt;p&gt;I believe this is effectively resolved by &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-7115&quot; title=&quot;Modular Authentication support&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-7115&quot;&gt;&lt;del&gt;SERVER-7115&lt;/del&gt;&lt;/a&gt;, and specifically subtask &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-7122&quot; title=&quot;Assign commands to system roles&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-7122&quot;&gt;&lt;del&gt;SERVER-7122&lt;/del&gt;&lt;/a&gt;.&lt;/p&gt;</comment>
                            <comment id="171115" author="schwerin" created="Wed, 3 Oct 2012 20:24:34 +0000"  >&lt;p&gt;The role functionality going into 2.4 may cover this.  If not, the more general role functionality is climbing on the dev todo list for access-control related work.&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10011">
                    <name>Depends</name>
                                            <outwardlinks description="depends on">
                                        <issuelink>
            <issuekey id="51258">SERVER-7122</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="51262">SERVER-7126</issuekey>
        </issuelink>
                            </outwardlinks>
                                                                <inwardlinks description="is depended on by">
                                        <issuelink>
            <issuekey id="17924">SERVER-3199</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="25112">SERVER-4319</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10012">
                    <name>Related</name>
                                                                <inwardlinks description="is related to">
                                        <issuelink>
            <issuekey id="55768">SERVER-7604</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Wed, 3 Oct 2012 20:24:34 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        11 years, 6 weeks, 5 days ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[<s><a href='https://jira.mongodb.org/browse/SERVER-7122'>SERVER-7122</a></s>, <s><a href='https://jira.mongodb.org/browse/SERVER-7126'>SERVER-7126</a></s>]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>false</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>ramon.fernandez@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            11 years, 6 weeks, 5 days ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_10000" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Old_Backport</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10000"><![CDATA[No]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>alvin</customfieldvalue>
            <customfieldvalue>schwerin@mongodb.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hroyn3:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hribf3:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>20495</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|ht055z:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>