- Type: Improvement
- Resolution: Unresolved
- Priority: Major - P3
- None
- Affects Version/s: 2.0.3
- Component/s: Security
- None
- Server Security
- (copied to CRM)
It would be useful for a connection authenticated as a user in the admin database to be able to su to any other user in the mongod process, then somehow exit from that context and become the admin user again.
User Stories:
- As a DBA, I want to create "super" user privileges/roles that cannot be used for authentication/logins, but can in turn be granted to individual users/roles. Then, when those users need to, they can execute an individual command as this elevated user/role. This way we have protection against mistakes made in sessions with elevated privileges, and each individual action is audited as such – user:matt executed:db.adminCommand(...) as:super1 at:<UTC time> – so that no security visibility and auditing information is lost.
- As a DB admin UI provider, the admin interface itself will need elevated global privileges in order to service all of the UI users. However, when an individual UI user executes an action via the UI I want to execute the resulting backend database command(s) as that (mapped) user.
Competitor examples: