So on one hand there are users of Trove mongo datastore that are affected by this lack of acl, and on the other hand, most experimental datastore (like redis, cassandra, postgresql, ...) do not have user control settings.
I would triage this as a B2 type of bug (according to https://security.openstack.org/vmt-process.html#incident-report-taxonomy). Basically, this is a vulnerability (lack of datastore user access control), there is no complete fix (only mongo is fixed in that case), and we better document this vulnerability with an Security Note (OSSN) instead.
So on one hand there are users of Trove mongo datastore that are affected by this lack of acl, and on the other hand, most experimental datastore (like redis, cassandra, postgresql, ...) do not have user control settings.
I would triage this as a B2 type of bug (according to https:/ /security. openstack. org/vmt- process. html#incident- report- taxonomy). Basically, this is a vulnerability (lack of datastore user access control), there is no complete fix (only mongo is fixed in that case), and we better document this vulnerability with an Security Note (OSSN) instead.