Loading...

XML

Word

Printable

JSON

Type: Improvement
Resolution: Done
Priority: Major - P3
Fix Version/s: 3.2.11, 3.4.0-rc0
Affects Version/s: None
Component/s: Replication, Security
Labels:
- code-and-test

Backwards Compatibility:
Minor Change
Backport Completed:

3.2.11
Sprint:
Platforms 2016-09-19, Platforms 2016-10-10
Case:
Confidence Status:
None
Work Order:
3

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name:
None
Goal Link:
None

Currently, applyOps requires that the authenticated user has the ability to perform any operation on the system. However, applying an individual op may not require such extensive privileges. If the authenticated user has the ability to perform some operations, like inserting documents to a particular collection, they should be able to perform the same actions use applyOps.

duplicates

SERVER-19191 "restore" role does not have applyOps permissions on servers using a keyFile

Closed

is related to

SERVER-19768 Failed applyOps command does not create an oplog entry even with some successful writes

Closed

related to

SERVER-53674 Do not run applyOps commands in the fuzzer

Closed

SERVER-36263 Bypassing operation validation in applyOps should require special privilege

Closed

Assignee:: Spencer Jackson
Reporter:: Spencer Jackson
Participants:: Githook User, Spencer Jackson
Votes:: 0 Vote for this issue
Watchers:: 14 Start watching this issue

Created:: Sep 07 2016 02:21:17 PM UTC
Updated:: Aug 04 2021 08:06:42 PM UTC
Resolved:: Sep 30 2016 05:46:36 PM UTC
Confidence Status Last Update:: 08/Sep/16 7:02 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates