Database users should be able to change their own passwords
Currently, there is no way for Database Users to manage their own passwords, (even if they are atlasAdmin@admin). Moreover, as a Project Owner, I cannot create a role that allows them to do so, e.g.:
use admin
db.createRole(
{ role: "changeOwnPasswordRole",
privileges: [
{
resource: { db: "", collection: ""},
actions: [ "changeOwnPassword"]
}
],
roles: []
}
)
As such, changing passwords always requires a Project Owner setting the new password and sharing it with the Database User. This is a problem, because user-password combinations known by more than one person do not serve as proof of identity.
A Database User should, either by default or via a role, have the changeOwnPassword
Mongo permission, so they can change their own passwords without having to share them with someone else (i.e. a Project Owner).
32
votes
Kadu
shared this idea