SoftInstigate / restheart

Open Source Low-code API development framework Featuring ready-to-go Security and MongoDB API
http://softinstigate.github.io/restheart/
GNU Affero General Public License v3.0
792 stars 170 forks

Forbid creating or updating a user with the `root-role` #480

Closed ujibang closed 9 months ago

ujibang commented 9 months ago

Brief overview

Forbid creating or updating a user with the root-role.

Rationale

The default authorizer `mongoAclAuthorizer` enables the `root-role: admin` by default; clients with the root-role can execute any request.

Although the root-role is very useful at testing and development time, it is a security risk to leave it enabled; this is why the security hardening doc page suggests disabling it by setting the configuration option `mongoAclAuthorizer.root-role: null`.

In any case, an account handled by the `mongoRealmAuthenticator` (which handles accounts with roles in a MongoDB collection) should never gain the root-role via a MongoService write request such as `PATCH /users/foo {"roles": ["admin"]}`.

Detailed documentation

The interceptor `rootRoleGuard` is enabled by default.

```yaml
# forbids accounts handled by `mongoRealmAuthenticator` to gain the `root-role` defined by the `mongoAclAuthorizer`
rootRoleGuard:
    enabled: true
```
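
The check the guard has to perform, as an added stand-alone model (not RESTHeart's own interceptor code): a write to the users collection is rejected when its body would assign the root-role, whether as a replacement document, via update operators such as `$set`, `$addToSet` or `$push` (including the `$each` modifier), via dot notation like `roles.0`, or inside a bulk POST array. The collection name `users`, the roles property `roles` and the root-role `admin` are assumed defaults.

```python
"""Model of a root-role guard for writes to the users collection (added example)."""
from typing import Any, Tuple

ROOT_ROLE = "admin"    # assumed: the default mongoAclAuthorizer.root-role
ROLES_FIELD = "roles"  # assumed: roles property of mongoRealmAuthenticator accounts
USERS_COLLECTION = "users"  # assumed: default users collection name

WRITE_METHODS = {"POST", "PUT", "PATCH"}
# update operators whose arguments can add or replace the roles array
ROLE_SETTING_OPS = ("$set", "$setOnInsert", "$addToSet", "$push")


def _values(v: Any) -> list:
    """Flatten a roles value: a scalar, a list, or a {$each: [...]} modifier."""
    if isinstance(v, dict):
        return _values(v.get("$each", []))
    if isinstance(v, list):
        return [x for item in v for x in _values(item)]
    return [v]


def grants_root_role(content: Any, root_role: str = ROOT_ROLE) -> bool:
    """True if a write body (replacement doc, update ops or bulk array) would assign root_role."""
    if isinstance(content, list):  # bulk POST: inspect every document
        return any(grants_root_role(d, root_role) for d in content)
    if not isinstance(content, dict):
        return False
    for key, value in content.items():
        if key in ROLE_SETTING_OPS and isinstance(value, dict):
            if grants_root_role(value, root_role):  # look inside the operator's fields
                return True
        elif key == ROLES_FIELD or key.startswith(ROLES_FIELD + "."):
            if root_role in _values(value):  # direct or dot-notation (roles.0) assignment
                return True
    return False


def check_users_write(method: str, collection: str, content: Any,
                      enabled: bool = True) -> Tuple[bool, str]:
    """Return (allowed, reason); mirrors what rootRoleGuard enforces when enabled."""
    if not enabled or method not in WRITE_METHODS or collection != USERS_COLLECTION:
        return True, "not guarded"
    if grants_root_role(content):
        return False, f"request would grant root-role '{ROOT_ROLE}'"
    return True, "ok"


if __name__ == "__main__":
    # constructed request: PATCH /users/foo {"roles": ["admin"]}
    print(check_users_write("PATCH", "users", {"roles": ["admin"]}))
```
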

ujibang commented 9 months ago

documented in https://restheart.org/docs/security/other-security-plugins