Feature:
Ability to restrict the operations a user can perform. For example, an admin and create and drop indexes but cannot perform a find on a collection.
Needed for SOX and other regulatory reasons that access to the data content must be restricted.
Use Case:
Jim is a DBA for a financial application for Mega Corp. He needs access to the database to ensure that the database is working efficiently, perform backups etc. He needs to create and drop indexes when needed, add shards etc. However, because of the nature of the data, his organizations data security policy states that he cannot view any of the financial data stored in the database. Therefore he is prevented from issuing a db.foo.find() command, running map/reduce jobs etc.
Proposed Role Delineations:
name | description of privilege |
---|---|
read | ability to query data in any collection in the database, other than 'system.users', and also ability to run any command without an A or W attribute |
readWrite | everything permitted by 'read' privilege, and also the ability to insert, update, or remove documents or indexes in any collection other than 'system.users', and also the ability to run any command without an A attribute |
userAdmin | ability to read and write the 'system.users' collection |
dbAdmin | ability to run admin commands affecting a single database; see list below |
serverAdmin | ability to run admin commands affecting the entire database server; Can only be set on admin database; see discussion |
clusterAdmin | admin commands for a cluster of shards or a replica set; Can only be set on admin database |
- depends on
-
SERVER-7122 Assign commands to system roles
- Closed
-
SERVER-7126 new authPrinciples and acquiredCapabilities data structures
- Closed
- is depended on by
-
SERVER-3199 Restrict user creation to admin only
- Closed
-
SERVER-4319 MongoDB Authentication related queries/issues
- Closed
- is related to
-
SERVER-7604 On MongoS read-only users should be denied access to system.users collection
- Closed