Loading...

XML

Word

Printable

JSON

Type: Task
Resolution: Fixed
Priority: Major - P3
Fix Version/s: 7.2.0-rc0
Affects Version/s: None
Component/s: None
Labels:
None

Assigned Teams:

Server Security
Backwards Compatibility:
Fully Compatible
Sprint:
Security 2023-08-07, Security 2023-08-21, Security 2023-09-04, Security 2023-09-18
Confidence Status:
None
Work Order:
3

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name:
None
Goal Link:
None

Once the ResourcePattern and ParsedPrivilege APIs handle tenantIds, change any remaining call sites to NamespaceString::createNamespaceStringForAuth to call the appropriate method on NamespaceStringUtil to construct NamespaceStrings instead. Then, remove NamespaceString::createNamespaceStringForAuth, as it skips validation that tenantIds exist when they should.

Note that the current model for db-only resource patterns includes the db.coll delimiter. In order to more accurately match the `NamespaceString(const DatabaseName&)` constructor's behavior, we should move auth usages of dbonly patterns to not include the delimiter. This will require careful review of AuthorizationSessionImpl and UserManagementCommands.

is depended on by

SERVER-80635 Use AuthPrevalidated for auth-specific de/serialization

Closed

is related to

SERVER-76294 Remove DatabaseName::createDatabaseNameForAuth

Closed

related to

SERVER-81087 Complete TODO listed in SERVER-74896

Closed

Assignee:: Gabriel Marks
Reporter:: Janna Golden
Participants:: Gabriel Marks, Githook User, Janna Golden
Votes:: 0 Vote for this issue
Watchers:: 4 Start watching this issue

Created:: Mar 15 2023 05:57:48 PM UTC
Updated:: Oct 29 2023 09:24:51 PM UTC
Resolved:: Sep 14 2023 05:13:21 PM UTC
Confidence Status Last Update:: 28/Jul/23 4:14 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates