Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-54529

Add access_check: complex to the aggregate command

    • Type: Icon: Task Task
    • Resolution: Fixed
    • Priority: Icon: Major - P3 Major - P3
    • 5.0.0-rc0
    • Affects Version/s: None
    • Component/s: None
    • None
    • Fully Compatible
    • Security 2021-04-05

      Aggregate is complex. Search the code for LiteParsedDocumentSource::requiredPrivileges.

       

      Here is a potential list discovered during the design phase 

                      -
                          resource: cluster
                          action_type: insert
                      -
                          resource: namespace
                          action_type: find
                      -
                          resource: any_normal
                          action_types: [ changeStream, find]
                      -
                          resouce: database
                          action_types: [ changeStream, find]
       
                      -
                          resource: exact_ns
                          action_types: [ changeStream, find]
       
                      -
                          resource: exact_ns
                          action_types: collStats
                      -
                          resource: cluster
                          action_types: inprog
                      -
                          resource: exact_ns
                          action_types: find
                      -
                          resource: exact_ns
                          action_types: indexStats
                      -
                          resource: any_normal
                          action_types: listCachedAndActiveUsers
                      -
                          resource: any_normal
                          action_types: listSessions
                      -
                          resource: exact_ns
                          action_types: find
                      -
                          resource: exact_ns
                          action_types: bypassDocumentValidation
                      -
                          resource: exact_ns
                          action_types: operationMetrics
                      -
                          resource: exact_ns
                          action_types: [insert, remove, bypassDocumentValidation]
                      -
                          resource: exact_ns
                          action_types: planCacheRead
                      -
                          resource: cluster
                          action_types: fsync
                      -
                          resource: exact_ns
                          action_types: merge
      

            Assignee:
            mark.benvenuto@mongodb.com Mark Benvenuto
            Reporter:
            mark.benvenuto@mongodb.com Mark Benvenuto
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: