From 7a6bf7c60c1aa0fbb6bde292e4a1ab7bfd77c8ef Mon Sep 17 00:00:00 2001 From: jeff-allen-mongo Date: Tue, 24 Oct 2017 12:16:06 -0400 Subject: [PATCH] DOCS-10904 - Quickfix --- source/reference/built-in-roles.txt | 27 +++++++++++---------- source/reference/command/createUser.txt | 2 ++ source/reference/privilege-actions.txt | 32 +++++++++++++++++++++++++ 3 files changed, 48 insertions(+), 13 deletions(-) diff --git a/source/reference/built-in-roles.txt b/source/reference/built-in-roles.txt index 90da4c907aa..029ba4f03cb 100644 --- a/source/reference/built-in-roles.txt +++ b/source/reference/built-in-roles.txt @@ -160,6 +160,7 @@ Every database includes the following database administration roles: - :authaction:`dropUser` - :authaction:`grantRole` - :authaction:`revokeRole` + - :authaction:`setAuthenticationRestriction` - :authaction:`viewRole` - :authaction:`viewUser` @@ -253,11 +254,11 @@ functions. | :authaction:`update` * - | :data:`system.indexes <.system.indexes>`, - + | :data:`system.js <.system.js>`, - + | :data:`system.namespaces <.system.namespaces>` collections - + - | :authaction:`collStats` | :authaction:`dbHash` | :authaction:`dbStats` @@ -285,7 +286,7 @@ functions. - :authaction:`splitChunk` - :authaction:`splitVector` - :authaction:`update` - + * - :data:`system.replset ` collection - - :authaction:`collStats` @@ -460,12 +461,12 @@ restoring data: Provides the :authaction:`insert` and :authaction:`update` actions on the - ``mms.backup`` collection in the ``admin`` database and on the + ``mms.backup`` collection in the ``admin`` database and on the :data:`settings ` collection in the ``config`` database. On :ref:`anyResource`, provides the - - - :authaction:`listDatabases` action + + - :authaction:`listDatabases` action - :authaction:`listCollections` action - :authaction:`listIndexes` action 
@@ -487,7 +488,7 @@ restoring data: :data:`system.profile <.system.profile>` - the :data:`admin.system.users` and :data:`admin.system.roles` collections - + - the :data:`config.settings` collection - legacy ``system.users`` collections from versions of MongoDB prior to 2.6 @@ -533,8 +534,8 @@ restoring data: Provides the following action on the cluster as a whole: - - :authaction:`getParameter` - + - :authaction:`getParameter` + Provides the following actions on all *non*-system collections: - :authaction:`bypassDocumentValidation` @@ -566,7 +567,7 @@ restoring data: Provides the following action on :ref:`anyResource`: - - :authaction:`listCollections` + - :authaction:`listCollections` Provides the :authaction:`find` action on all the :data:`system.namespaces <.system.namespaces>` collections in the cluster. @@ -700,7 +701,7 @@ and are roughly equivalent to their single-database equivalents: Prior to 3.4, :authrole:`userAdminAnyDatabase` includes ``local`` and ``config`` databases. - + .. authrole:: dbAdminAnyDatabase Provides the same access to database administration operations as @@ -753,7 +754,7 @@ The following role provides full privileges on all resources: The :authrole:`root` has :authaction:`validate` action on ``system.`` collections. Previously, :authrole:`root` does **not** include any access to collections that begin with the - ``system.`` prefix other than ``system.indexes`` and + ``system.`` prefix other than ``system.indexes`` and ``system.namespaces``. The :authrole:`root` role includes privileges from the :authrole:`restore` role. diff --git a/source/reference/command/createUser.txt b/source/reference/command/createUser.txt index 0f3a6255976..b47211f9b73 100644 --- a/source/reference/command/createUser.txt +++ b/source/reference/command/createUser.txt @@ -47,6 +47,8 @@ Roles .. include:: /includes/fact-roles-array-contents.rst +.. _create-user-auth-restrictions: + Authentication Restrictions ~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
diff --git a/source/reference/privilege-actions.txt b/source/reference/privilege-actions.txt index 54677b3b103..fae727cff12 100644 --- a/source/reference/privilege-actions.txt +++ b/source/reference/privilege-actions.txt @@ -233,6 +233,38 @@ Database Management Actions User can remove any role from any user from any database in the system. Apply this action to database resources. +.. authaction:: setAuthenticationRestriction + + .. versionadded:: 3.6 + + User can specify the + :ref:`authenticationRestrictions ` + field in the ``user`` document when running the following commands: + + - :doc:`createUser ` + - :doc:`updateUser ` + + User can specify the ``authenticationRestrictions`` field in the + ``role`` document when running the following commands: + + - :doc:`createRole ` + - :doc:`updateRole ` + + .. note:: + + The following built-in roles grant this privilege: + + - The :authrole:`userAdmin` role provides this privilege + on the database that the role is assigned. + + - The :authrole:`userAdminAnyDatabase` role provides this + privilege on all databases. + + Transitively, the :authrole:`restore` and :authrole:`root` roles + also provide this privilege. + + Apply this action to database resources. + .. authaction:: unlock User can perform the :method:`db.fsyncUnlock()` method. Apply this
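Review bot: The built-in-roles.txt part of this patch mixes one substantive change with whitespace cleanup, and the subject line "DOCS-10904 - Quickfix" identifies neither. Only the -160,6 hunk changes content, adding `- :authaction:`setAuthenticationRestriction`` between `revokeRole` and `viewRole`. The hunks at -253, -285, -460, -487, -533, -566, -700 and -753 only strip trailing whitespace. Move the whitespace cleanup to its own commit, or at least name the new action in the commit message, so the privilege change stands out in the history of a page that defines what each role is allowed to do.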
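Review bot: The label added in the createUser.txt hunk (-47,6), `.. _create-user-auth-restrictions:`, gives a link target only for the user-document case. The new text in privilege-actions.txt also mentions the `authenticationRestrictions` field of the ``role`` document for createRole and updateRole, but as a bare literal with no cross-reference. Consider adding a matching label to the corresponding section of the createRole page and linking to it from the role paragraph, so readers of both paragraphs can reach the field's definition.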
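Review bot: In the privilege-actions.txt hunk (-233,6), the sentence "Transitively, the :authrole:`restore` and :authrole:`root` roles also provide this privilege" is not backed by anything else in this patch. built-in-roles.txt adds the action to a single list, and the restore and root sections are touched only for whitespace. Either list `setAuthenticationRestriction` under those roles, or state which included role carries the grant, so the two reference pages agree on who can set authentication restrictions. Two smaller wording points in the same note: the bullets repeat "provides this privilege" although the lead-in line already says so, and "on the database that the role is assigned" reads better as "on the database on which the role is assigned".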