Forbid creating or updating a user with the root-role.
Rationale
The default authorizer mongoAclAuthorizer sets the root-role to admin by default; clients holding the root-role can execute any request.
Although the root-role is very useful during testing and development, leaving it enabled is a security risk; this is why the security hardening doc page suggests disabling it by setting the configuration option mongoAclAuthorizer.root-role: null
In any case, an account handled by mongoRealmAuthenticator (the authenticator that manages accounts whose roles are stored in a MongoDB collection) should never be able to gain the root-role through a MongoService write request such as PATCH /users/foo {"roles": ["admin"]}.
Detailed documentation
The interceptor rootRoleGuard is enabled by default:
# forbids accounts handled by `mongoRealmAuthenticator` to gain the `root-role` defined by the `mongoAclAuthorizer`
rootRoleGuard:
  enabled: true
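The following is an added, self-contained illustration of the check such a guard performs, not RESTHeart's own rootRoleGuard code: it inspects a write request to the users collection and reports whether the body would assign the configured root-role, covering both the plain form shown above and the MongoDB update-operator forms a PATCH may carry. The users path prefix "/users", the operator list and the bulk-array handling are assumptions of this example.

```python
"""Illustrative root-role guard check (added example, not RESTHeart's code).
Assumes users live under /users, the root role is "admin" as in the page,
and that PATCH bodies may use $set/$addToSet/$push/$setOnInsert operators."""
from typing import Any, Iterable, Optional, Set

# update operators that can assign roles in a PATCH body (assumption of this example)
ROLE_OPERATORS = ("$set", "$addToSet", "$push", "$setOnInsert")


def _roles_in(value: Any) -> Iterable[str]:
    """Yield role names from a string, a list, or an {"$each": [...]} modifier."""
    if isinstance(value, str):
        yield value
    elif isinstance(value, list):
        for v in value:
            if isinstance(v, str):
                yield v
    elif isinstance(value, dict):
        for v in value.get("$each", []):
            if isinstance(v, str):
                yield v


def granted_roles(body: dict) -> Set[str]:
    """Collect every role the write body would assign, plain or via operators."""
    roles: Set[str] = set(_roles_in(body.get("roles")))
    for op in ROLE_OPERATORS:
        sub = body.get(op)
        if isinstance(sub, dict):
            roles.update(_roles_in(sub.get("roles")))
            # dotted-path form such as {"$set": {"roles.0": "admin"}}
            for key, v in sub.items():
                if key.startswith("roles."):
                    roles.update(_roles_in(v))
    return roles


def blocks_request(method: str, path: str, body: Any,
                   users_prefix: str = "/users",
                   root_role: Optional[str] = "admin") -> bool:
    """Return True when the guard should reject the write (i.e. answer 403)."""
    if root_role is None:  # root-role disabled (mongoAclAuthorizer.root-role: null)
        return False
    if method.upper() not in ("POST", "PUT", "PATCH"):
        return False  # reads cannot change roles
    if not (path == users_prefix or path.startswith(users_prefix + "/")):
        return False  # only the users collection is guarded
    docs = body if isinstance(body, list) else [body or {}]  # bulk POST sends an array
    return any(root_role in granted_roles(d) for d in docs if isinstance(d, dict))
```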