Description
Create a user with a single role that has the following privilege:
{ resource: {db: "test", collection: "x"}, actions: ["reIndex"] }
|
If the user tries to reIndex collection "x", the command fails as shown below:
> db.runCommand({reIndex: "x"})
|
{
|
"nIndexesWas" : 1,
|
"msg" : "indexes dropped for collection",
|
"errmsg" : "exception: invalid ns to index",
|
"code" : 10096,
|
"ok" : 0
|
}
|
On the other hand, if the user has the dbAdmin role, then the command works just fine:
> db.x.save({})
|
> db.runCommand({
|
... createUser: "testUser",
|
... pwd: "password",
|
... roles: ["dbAdmin"]
|
... })
|
{ "ok" : 1 }
|
> db.auth("testUser", "password")
|
1
|
> db.runCommand({reIndex: "x"})
|
{
|
"nIndexesWas" : 1,
|
"msg" : "indexes dropped for collection",
|
"nIndexes" : 1,
|
"indexes" : [
|
{
|
"key" : {
|
"_id" : 1
|
},
|
"ns" : "test.x",
|
"name" : "_id_"
|
}
|
],
|
"ok" : 1
|
}
|