LDAP Users shouldn't be successfully authenticated if not authorized
Today, if you log in with proper LDAP credentials to an Atlas cluster, you are authenticated into that cluster, even if you are not authorized to have access. This is not at all how databases should work, nor is it how most databases do work today. If a user is not authorized, that connection should fail immediately.
Allowing successful authentication, even when not authorized, can increase the security vector for DDoS attempts as well as cause confusion when successful attempts are logged, even though the user was not authorized to see data.
Please reject any non-authorized user from connecting to an Atlas cluster.
4 votes
Kyle
shared this idea