Core Server / SERVER-11309

checkShardingIndex auth error for user-defined role with "find" privilege

Details

    • Bug
    • Resolution: Done
    • Major - P3
    • 2.5.4
    • None
    • Security
    • ALL

      > db.runCommand({
      ... createRole: "testRole",
      ... privileges: [ {resource: {db: "test", collection: "x"}, actions: ["find"] } ],
      ... roles: [ ]
      ... })
      { "ok" : 1 }
      > db.runCommand({
      ... createUser: "testUser",
      ... pwd: "password",
      ... roles: ["testRole"]
      ... })
      { "ok" : 1 }
      > db.auth("testUser", "password")
      1
      > db.runCommand({checkShardingIndex: "test.x", keyPattern: {_id: 1}})
      {
      	"ok" : 0,
      	"errmsg" : "not authorized on test to execute command { checkShardingIndex: \"test.x\", keyPattern: { _id: 1.0 } }",
      	"code" : 13
      }

    Description

      Expected: A user privileged to perform the "find" action on a collection should be able to run the checkShardingIndex command on that collection.

      Actual: An authorization error such as the one below is returned.

      {
      	"ok" : 0,
      	"errmsg" : "not authorized on roles_commands_1 to execute command { checkShardingIndex: \"test.x\", keyPattern: { _id: 1.0 } }",
      	"code" : 13
      }

          People

            spencer@mongodb.com Spencer Brody (Inactive)
            david.storch@mongodb.com David Storch