Currently the localhost exception gives full privileges to all operations and commands. The purpose is only to create the first admin DB user.
Hence it would make sense to limit the localhost exception exposure to give the createUser action type on the admin DB, or possibly the UserAdmin role id that is preferable from an implementation perspective.
- is depended on by
-
DRIVERS-162 Work around reduction of localhost exception permissions in MongoDB >= 2.7.1
- Closed
- is related to
-
SERVER-11126 addUser does not work on mongos without shards
- Closed
-
SERVER-11816 In sharded system with no shards, cannot run commands against dbs other than "config" and "admin"
- Closed
-
JAVA-1528 Work around localhost exception issues in addUser helpers
- Closed
- related to
-
DRIVERS-169 Work around localhost exception issues in addUser helpers
- Closed
-
RUBY-782 Change add_user helper command to work with narrowed localhost exception.
- Closed
-
SERVER-13698 Add roles and privileges to connectionStatus output
- Closed