Restrict access scope of master key

[mtrezza]

New Feature / Enhancement Checklist

• I am not disclosing a vulnerability.
• I am not just asking a question.
• I have searched through existing issues.

Current Limitation

The masterKey currently allows to manipulate some Parse Server internal fields. At the same time, the masterKey is intended to be used for normal operations, such as for Parse Dashboard to connect to Parse Server or special Remote Config parameters. The scope of masterKey is unclear because it's not defined anywhere.

Allowing the masterKey to modify internal fields, while distributing it for normal operation is a bad combination. It raises the risk associated with a compromised masterKey, because it significantly increases the integrity impact of the vulnerability's CVSS score.

Feature / Enhancement Description

Define scopes, implement them and add them to docs. This will be a breaking change.

We can assume that there is a difference in scope between:

• accessing all data within the official features and constrains of Parse Server (intended to be used for normal operation)
• manipulating Parse Server internal fields that are usually rather constraint-free (not intended to be used for normal operation)

Suggested scopes:

Scope	Internal data	Custom data	Restricted by CLP, ACL	Key
Internal	r/w	r/w	no	maintenanceKey*
Master	-/-	r/w	no	masterKey
ReadOnlyMaster	-/-	r/-	no	readOnlyMasterKey
Session	-/-	r/w	yes	sessionToken

_{* doesn't exist yet as a feature}

Example Use Case

• give masterKey to a business client to access all data, configure dashboard apps and use Remove Config parameters that are restricted to master key --> this doesn't allow the user to mess up the internals of Parse Server
• give maintenanceKey to a DevOp to be able to manipulate internal Parse Server fields --> these internal fields are not supposed to be manipulated for normal operation, they may need to to be manipulated for one-time migration or data correction tasks

Alternatives / Workarounds

n/a

3rd Party References

n/a

[parse-github-assistant]

Thanks for opening this issue!

• 🎉 We are excited about your ideas for improvement!

[cbaker6]

If the changes are breaking, I believe the requests to change the name of this key that began 2+ years ago should be revisited:

• Rename master branch, rename masterKey to primaryKey #7584
• Rename master branch, rename masterKey to primaryKey #7584 (comment)
• Rename master branch, rename masterKey to primaryKey #7584 (comment)
• https://community.parseplatform.org/t/terminology-and-depictions-across-parse-platform/2009

[mtrezza]

The changes are breaking in terms of the scope of master key, unlikely to require changes in any other repository; the issue you are referring to would make all existing SDKs incompatible with Parse Server and requires changes in virtually every Parse Platform repository, which is a much larger undertaking and should be handled as a separate issue. The topic is also stale in the forum since 1 year and didn't mature yet to derive any discrete actions.