`mgrant` allow/deny subcommands for admins

@dwinston dwinston released this 26 Sep 19:49

A mongogrant server admin can now add "ruler" users who can set allow/deny rules for users via the mgrant CLI. An admin sets a ruler document in the server.mgdb collection, e.g.

```python
server.mgdb.rulers.replace_one(
    {"email": "[email protected]"},
    {
        "email": "[email protected]",
        "hosts": ["mongodb03.nersc.gov"],
        "dbs": ["mp_", "fw_"],
        "emails": ["@lbl.gov"],
        "which": ["allow"]
    },
    upsert=True)
```

This allows user [email protected] to set allow rules for any user with an "@lbl.gov" email address on the Mongo host "mongodb03.nersc.gov" for any database name prefixed with "mp_" or "fw_". Any field in a ruler document can be set to "all" rather than an array.
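
To make the delegated scope of a ruler document concrete, here is an added example (not mongogrant's own code) that evaluates a rule request against a ruler document using the semantics described above: exact match on host and rule type, prefix match on database name, suffix match on email, and "all" as a wildcard. The helper names, the sample ruler address, and the fail-closed handling of missing or malformed fields are assumptions.

```python
# Added illustration, not mongogrant's implementation. ruler_permits() is a
# hypothetical helper; match rules follow the release note's wording.

RULER = {  # constructed sample mirroring the release note's document
    "email": "ruler@example.org",  # placeholder address
    "hosts": ["mongodb03.nersc.gov"],
    "dbs": ["mp_", "fw_"],
    "emails": ["@lbl.gov"],
    "which": ["allow"],
}

# field name -> how a requested value is compared with one listed pattern
MATCHERS = {
    "which": lambda value, pattern: value == pattern,
    "hosts": lambda value, pattern: value == pattern,
    "dbs": str.startswith,
    "emails": str.endswith,
}


def field_permits(field, value, match):
    """True if one ruler field covers the requested value."""
    if field == "all":  # the release note's wildcard
        return True
    if not isinstance(field, (list, tuple)):
        # Assumption: fail closed on a missing field or a bare string.
        # A bare "@lbl.gov" would otherwise be iterated character by
        # character and match far more than intended.
        return False
    return any(isinstance(p, str) and p != "" and match(value, p) for p in field)


def ruler_permits(ruler, which, email, host, db):
    """True only if every field of the ruler document covers the request."""
    requested = {"which": which, "hosts": host, "dbs": db, "emails": email}
    return all(
        field_permits(ruler.get(name), requested[name], MATCHERS[name])
        for name in MATCHERS
    )
```

Because the email check is a suffix match, an address such as `alice@lbl.gov.example.com` is outside this ruler's scope, and a ruler limited to `["allow"]` cannot set deny rules.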