Amazon DocumentDB (with MongoDB compatibility) is a database service that is purpose-built for JSON data management at scale, fully managed and integrated with AWS, and enterprise-ready with high durability.

Amazon DocumentDB added support for role-based access control (RBAC) with user-defined roles. Support for user-defined roles builds upon the existing RBAC functionality, allowing for more granular access control as well as creating custom roles to simplify user authorization within your Amazon DocumentDB clusters. Two common use cases for user-defined roles are applying least privilege access for the application user and supporting collection-level access control within an Amazon DocumentDB database.

This post introduces the new RBAC capabilities in Amazon DocumentDB: creation of custom roles, granular control of permitted operations, and granular control of permitted collections. For more information regarding RBAC capabilities, see Restricting Database Access Using Role-Based Access Control.

Use case: Least privilege access

A security best practice is to apply least privilege access within your databases by creating multiple users that each have only the privileges they need. For example, create a single application user with create, read, update, and delete (CRUD) access to all collections that the application requires, and create one or more support users with read-only access to a subset of collections.

Without support for user-defined roles in RBAC, you could only implement this requirement by placing collections requiring access from both the application user and the support users in one database and using a second database for collections limited strictly to the application user, because RBAC was previously enforced at the database level. Now you can deploy your schema in a more manageable way by keeping all collections for a given application in a single database.

The following examples show the application user appuser with the built-in readWrite role in the app1 database and the support user supportuser with only the find privilege on the supportInfo collection in the app1 database:

db.createUser(

This post introduced user-defined roles for role-based access control in Amazon DocumentDB and walked through a common use case. For more information about the first release of RBAC, please visit this post. For more information about RBAC in Amazon DocumentDB, see Restricting Database Access Using Role-Based Access Control (Built-In Roles).

Tim Callaghan is a Principal DocumentDB Specialist Solutions Architect at AWS. If you have any feature requests for Amazon DocumentDB, email us at. If you have any questions or comments about this post, please use the comments section.
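The least-privilege use case described above (appuser with the built-in readWrite role on app1, supportuser with only find on app1.supportInfo) modelled as an added example in JavaScript; this is not the post's own code, the custom role name supportRead is assumed, and the privilege-matching logic is a constructed simplification of the server's behaviour.

```javascript
// Added example, not code from the AWS post: a small model of MongoDB-style RBAC
// resolution showing why a user-defined role lets appuser and supportuser share app1.
// Role/user documents mirror db.createRole()/db.createUser() arguments.

// Built-in readWrite on a database. collection "" means every collection in that db.
// Only the CRUD actions are modelled; the real readWrite role grants a few more.
function builtinReadWrite(dbName) {
  return {
    role: "readWrite", db: dbName, roles: [],
    privileges: [{ resource: { db: dbName, collection: "" },
                   actions: ["find", "insert", "update", "remove"] }],
  };
}
// User-defined role (assumed name "supportRead"): find only, on app1.supportInfo only.
const supportReadRole = {
  role: "supportRead", db: "app1", roles: [],
  privileges: [{ resource: { db: "app1", collection: "supportInfo" }, actions: ["find"] }],
};
const roleCatalog = new Map([
  ["app1.readWrite", builtinReadWrite("app1")],
  ["app1.supportRead", supportReadRole],
]);

// Arguments as they would be passed to db.createUser() while in the app1 database.
const users = {
  appuser:     { user: "appuser",     roles: [{ role: "readWrite",   db: "app1" }] },
  supportuser: { user: "supportuser", roles: [{ role: "supportRead", db: "app1" }] },
};

// Collect a principal's effective privileges, following role inheritance; `seen` guards cycles.
function effectivePrivileges(principal, seen = new Set()) {
  const privs = [];
  for (const r of principal.roles) {
    const key = `${r.db}.${r.role}`;
    if (seen.has(key)) continue;
    seen.add(key);
    const roleDoc = roleCatalog.get(key);
    if (roleDoc) privs.push(...roleDoc.privileges, ...effectivePrivileges(roleDoc, seen));
  }
  return privs;
}

// Default deny: permitted only if some privilege names the action on a resource covering db.collection.
function isAllowed(userName, action, db, collection) {
  const u = users[userName];
  if (!u) return false;
  return effectivePrivileges(u).some(p =>
    p.resource.db === db && p.actions.includes(action) &&
    (p.resource.collection === "" || p.resource.collection === collection));
}
```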