-
Type: Task
-
Resolution: Fixed
-
Priority: Major - P3
-
Affects Version/s: None
-
Component/s: None
-
None
-
Server Security
-
Fully Compatible
-
Security 2023-08-07, Security 2023-08-21, Security 2023-09-04, Security 2023-09-18
Once the ResourcePattern and ParsedPrivilege APIs handle tenantIds, change any remaining call sites to NamespaceString::createNamespaceStringForAuth to call the appropriate method on NamespaceStringUtil to construct NamespaceStrings instead. Then, remove NamespaceString::createNamespaceStringForAuth, as it skips validation that tenantIds exist when they should.
Note that the current model for db-only resource patterns includes the db.coll delimiter. In order to more accurately match the `NamespaceString(const DatabaseName&)` constructor's behavior, we should move auth usages of dbonly patterns to not include the delimiter. This will require careful review of AuthorizationSessionImpl and UserManagementCommands.
- is depended on by
-
SERVER-80635 Use AuthPrevalidated for auth-specific de/serialization
- Closed
- is related to
-
SERVER-76294 Remove DatabaseName::createDatabaseNameForAuth
- Closed
- related to
-
SERVER-81087 Complete TODO listed in SERVER-74896
- Closed