Details
-
Improvement
-
Resolution: Fixed
-
Critical
-
Cheshire-Cat
-
1
Description
Today, any query against a multi collection index is authenticated against all the source collections.
This may not be a very effective model for supporting the multi-tenant capability of the FTS multi-collection index.
RBAC rules could be slightly changed in this case,
1 - Blanket query (no target collections in query)
Authenticate against all source collections in the index definition.
2 - Collection scoped/targetted query.
Authenticate against only the target collections in the query.
(as against all source collections in the index definition before.)
We acknowledge that this is a bit late in the cycle, but the change should be
of lesser risk and could a desirable change for making the multi-collection index
really multi-tenant)
Tagging Evgeny Makarenko/Keshav Murthy for inputs.