Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Done
Priority: Major - P3
Fix Version/s: 2.5.4
Affects Version/s: None
Component/s: Security
Labels:
- 26qa

Operating System:
ALL
Steps To Reproduce:
Hide

1) run mongod with --auth
2) use admin
3)

db.addUser({user: "x", pwd: "x", roles: ["clusterAdmin"]})

4)

db.auth("x", "x")

5) use test
6)

db.runCommand({repairDatabase: 1})
Show
1) run mongod with --auth 2) use admin 3) db.addUser({user: "x" , pwd: "x" , roles: [ "clusterAdmin" ]}) 4) db.auth( "x" , "x" ) 5) use test 6) db.runCommand({repairDatabase: 1})
CAR Domain/s:
None

Aha! Reference:
None
Tracking Level:
None
Risk Status:
None
Exec Notes:
None
Goal Name(s):
None
Goal Link:
None

Expected: A user with the clusterAdmin role should be authorized to run the repairDatabase command.

Actual: Attempting to run repairDatabase on either the admin database or a non-admin database gives an authorization error, even when the user has the clusterAdmin role:

{
	"ok" : 0,
	"errmsg" : "not authorized on roles_commands_1 to execute command { repairDatabase: 1.0 }",
	"code" : 13
}

depends on

SERVER-9514 System-defined roles

Closed

related to

SERVER-8213 Make copyDB and clone work with auth when using new-style users

Closed

Assignee:: Spencer Brody (Inactive)
Reporter:: David Storch
Participants:: auto, David Storch, Spencer Brody
Votes:: 0 Vote for this issue
Watchers:: 3 Start watching this issue

Created:: Oct 03 2013 06:14:59 PM UTC
Updated:: Jul 11 2016 05:38:34 PM UTC
Resolved:: Oct 25 2013 05:27:45 PM UTC

Details

Description

Attachments

Issue Links

Activity

People

Dates