Uploaded image for project: 'Compass '
  1. Compass
  2. COMPASS-7739

Investigate using authorizedDatabases and authorizedCollections in Compass

    • Developer Tools

      The aim of the investigation is to confirm if we could use these commands in Compass to replace the custom code we have for working around cases where users don't have listDatabases or listCollections permissions. To identify its support across different mongodb versions and flavours (think ADF, serverless, free tier), if we need fallbacks and if we'd have to file tickets to address shortcomings in other projects.

       

      db.adminCommand({ listDatabases: true, authorizedDatabases: true })
      db.runCommand({ listCollections: true, authorizedCollections: true, nameOnly: true }) 

       

      (Note that according to documentation authorizedCollections only works with nameOnly: true.)

       

      https://www.mongodb.com/docs/manual/reference/command/listDatabases/#command-fields

      https://www.mongodb.com/docs/manual/reference/command/listCollections/#command-fields

       

      The behaviour is possibly a bit "quirky" for us. According to the documentation authorizedDatabases mean that the server will only return the databases for which the user has privileges on either the database or a collection in that database. Which is different to when the property isn't specified when it will return all the databases, assuming the user has listDatabases. That in itself would likely be a regression.

      So authorizedDatabases has three possible values: true, false and undefined. Not even taking mongodb versions and variations into account.

      authorizedCollections has two: true/false. Undefined acts like false. And it only works if nameOnly is true.

        1. image-2024-06-19-09-32-35-731.png
          image-2024-06-19-09-32-35-731.png
          12 kB
        2. screenshot-1.png
          screenshot-1.png
          61 kB

            Assignee:
            Unassigned Unassigned
            Reporter:
            leroux.bodenstein@mongodb.com Le Roux Bodenstein
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated: