Loading...

XML

Word

Printable

JSON

Type: Improvement
Resolution: Unresolved
Priority: Major - P3
Fix Version/s: features we're not sure of
Affects Version/s: None
Component/s: Security
Labels:
- security

Assigned Teams:

Server Security
Case:

Allow deny/revoke privs to apply to roles. Since the current system has "grant" based roles implicitly there is no way to do this now without explicitly specifying each resource (db/collection) ahead of time.

Orig
We have a situation where our code creates and drops DBs regularly to hold temp data. In order to do this the application role must get a high level of permissions. We would like however to be able to prevent the application from dropping the core DB that is our data store. Would like to have ability to give permissions on `all DBs except ...`

is duplicated by

SERVER-25987 Support for negative permissions

Closed

SERVER-30519 All custom roles to deny specific privileges

Closed

is related to

SERVER-22951 Using regexp patterns for resource scope in user-defined roles

Backlog

Assignee:: [DO NOT USE] Backlog - Security Team

Reporter:: John Butler

Participants:: [DO NOT USE] Backlog - Security Team, John Butler, NOVALUE Mitar, Sander van Loo, Scott Hernandez

Votes:: 5 Vote for this issue

Watchers:: 13 Start watching this issue

Created:: Apr 23 2014 02:36:50 PM UTC

Updated:: Dec 06 2022 05:07:13 AM UTC

Details

Description

Attachments

Issue Links

Activity

People

Dates