Commit 4075456

schmallisokay-kim authored and committed
DOCS-11101: add killAnyCursor privilege, clarify coAuthz behaviour
1 parent e18fb35 commit 4075456

3 files changed

+28
-3
lines changed

source/reference/built-in-roles.txt

Lines changed: 1 addition & 1 deletion
@@ -424,7 +424,7 @@ functions.
424424
- :authaction:`flushRouterConfig`
425425
- :authaction:`fsync`
426426
- :authaction:`invalidateUserCache`
427-
427+
- :authaction:`killAnyCursor` (New in version 3.6.3)
428428
- :authaction:`killAnySession` (New in version 3.6)
429429

430430
- :authaction:`killop`
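
Review bot: the added `killAnyCursor` line is the only change to built-in-roles.txt, yet this commit also narrows `killCursors` to cursors associated with the authenticated user. Please confirm that no other built-in role's action list on this page needs `killAnyCursor` so that administrators holding those roles can still kill other users' cursors. The inline "(New in version 3.6.3)" matches the `killAnySession` line below it, so the style is consistent.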

source/reference/command/killCursors.txt

Lines changed: 15 additions & 0 deletions
@@ -41,6 +41,21 @@ Definition
4141

4242
.. include:: /includes/apiargs/dbcommand-killCursors-field.rst
4343

44+
Required Access
45+
---------------
46+
47+
.. versionchanged:: 3.6.3
48+
49+
To successfully execute a :dbcommand:`killCursors` command, all cursors
50+
that you wish to kill must be associated with a currently authenticated
51+
user. MongoDB associates cursors with the users that were authenticated when
52+
the cursor was created. If the operation is not successful due to
53+
permission issues, the command returns an error message.
54+
55+
Alternatively, if a user possesses the :authaction:`killAnyCursor`
56+
privilege, that user may kill any cursor regardless of what users the
57+
cursor is associated with.
58+
4459
Example
4560
-------
4661
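
Review bot: the paragraph starting "To successfully execute a :dbcommand:`killCursors` command" does not say what happens when only some of the listed cursors are associated with the authenticated user: does the whole command fail, or are the permitted cursors killed? State that explicitly rather than only "the command returns an error message". Also, `.. versionchanged:: 3.6.3` has no content of its own and the paragraphs after it are not indented under it, so it is unclear whether it covers both paragraphs; and "a currently authenticated user" would be clearer as a user authenticated on the connection that issues the command.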

source/reference/privilege-actions.txt

Lines changed: 12 additions & 2 deletions
@@ -47,7 +47,8 @@ Query and Write Actions
4747
- :dbcommand:`getMore`
4848
- :dbcommand:`getPrevError`
4949
- :dbcommand:`group`
50-
- :dbcommand:`killCursors`
50+
- :dbcommand:`killCursors`, provided that the cursor is associated
51+
with a currently authenticated user.
5152
- :dbcommand:`listCollections`
5253
- :dbcommand:`listIndexes`
5354
- :dbcommand:`mapReduce` with the ``{out: inline}`` option.
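
Review bot: the new `killCursors` item in this list states the ownership condition but does not point to :authaction:`killAnyCursor` for the case where the cursor belongs to another user; add the cross-reference so readers of this list can find the privilege that lifts the restriction. Minor: the item now ends with a period, while the sibling items other than the `mapReduce` one do not.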
@@ -254,7 +255,16 @@ Database Management Actions
254255

255256
.. authaction:: killCursors
256257

257-
User can kill cursors on the target collection.
258+
User can kill cursors with which they are associated. Cursors are
259+
associated with the users that were authenticated when the cursor was
260+
created. Apply this action to collection resources.
261+
262+
.. authaction:: killAnyCursor
263+
264+
.. versionadded:: 3.6.3
265+
266+
User can kill **any** cursor regardless of their association
267+
with the cursor. Apply this action to collection resources.
258268

259269
.. authaction:: revokeRole
260270
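
Review bot: the rewritten :authaction:`killCursors` description carries no `.. versionchanged:: 3.6.3`, although killCursors.txt in this commit marks the same ownership rule as changed in 3.6.3 and `killAnyCursor` directly below gets `.. versionadded:: 3.6.3`; add the directive so readers can tell when the behaviour changed from "User can kill cursors on the target collection." In the `killAnyCursor` text, "regardless of their association with the cursor" has an ambiguous "their"; wording such as "regardless of which users the cursor is associated with" would match killCursors.txt.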
