Expected: A user who has only the clusterMonitor role should be authorized to run the collStats and dbStats commands.
Actual: access denied
Here is the test output that detects this failure:
---- collStats: expected authorization success but received { "ok" : 0, "errmsg" : "not authorized on roles_commands_1 to execute command { collStats: \"bar\", scale: 1.0 }", "code" : 13 } on db roles_commands_1 with role clusterMonitor ----
---- collStats: expected authorization success but received { "ok" : 0, "errmsg" : "not authorized on roles_commands_2 to execute command { collStats: \"bar\", scale: 1.0 }", "code" : 13 } on db roles_commands_2 with role clusterMonitor ----
---- dbStats: expected authorization success but received { "ok" : 0, "errmsg" : "not authorized on roles_commands_1 to execute command { dbStats: 1.0, scale: 1024.0 }", "code" : 13 } on db roles_commands_1 with role clusterMonitor ----
---- dbStats: expected authorization success but received { "ok" : 0, "errmsg" : "not authorized on roles_commands_2 to execute command { dbStats: 1.0, scale: 1024.0 }", "code" : 13 } on db roles_commands_2 with role clusterMonitor ----
The test jstests/auth/commands.js does not detect this failure because in these two tests the "clusterMonitor" role is misspelled as "monitor" (see here and here).
This problem was created as part of the change that first split the clusterAdmin role into clusterManager, hostManager, and clusterMonitor (git revision 878f2da2f8e87dac0f6b34a97a393576e4d8ff99 and SERVER-9514).
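The following added example (not code from jstests/auth/commands.js or the MongoDB project) shows how a misspelled role name in an allow-list style test table can hide a missing privilege, and a guard that rejects unknown role names. The table shape, the harness, and the stand-in for the server's behaviour are assumptions constructed for illustration; only the role and command names come from this report.

```javascript
// Added example; the table shape and harness are assumptions, not the project's code.

// Role names taken from the report.
const ROLES = ["clusterAdmin", "clusterManager", "hostManager", "clusterMonitor"];

// Constructed stand-in for a server with the bug: clusterMonitor lacks both commands.
const BUGGY_GRANTS = { clusterAdmin: ["collStats", "dbStats"], clusterMonitor: [] };
const buggyServerAllows = (role, cmd) => (BUGGY_GRANTS[role] || []).includes(cmd);

// Constructed test table reproducing the typo: "monitor" instead of "clusterMonitor".
const typoTable = [
  { command: "collStats", rolesAllowed: ["clusterAdmin", "monitor"] },
  { command: "dbStats", rolesAllowed: ["clusterAdmin", "monitor"] },
];

// Harness: every role not listed in rolesAllowed is expected to be denied.
function runTable(table, roles, allows) {
  const failures = [];
  for (const t of table) {
    for (const role of roles) {
      const expected = t.rolesAllowed.includes(role);
      if (allows(role, t.command) !== expected) {
        failures.push(`${t.command}: expected ${expected ? "success" : "denial"} for ${role}`);
      }
    }
  }
  return failures;
}

// Guard: reject any expectation that names a role the harness never iterates over.
function unknownRoles(table, roles) {
  const known = new Set(roles);
  return table.flatMap((t) =>
    t.rolesAllowed.filter((r) => !known.has(r)).map((r) => `${t.command}: unknown role "${r}"`));
}

// The same table with the role name spelled correctly.
const fixedTable = typoTable.map((t) => ({
  ...t,
  rolesAllowed: t.rolesAllowed.map((r) => (r === "monitor" ? "clusterMonitor" : r)),
}));

console.log(runTable(typoTable, ROLES, buggyServerAllows));  // typo hides the bug
console.log(unknownRoles(typoTable, ROLES));                 // guard flags the typo
console.log(runTable(fixedTable, ROLES, buggyServerAllows)); // bug is now detected
```

Running the guard before the table turns a silent false pass into an immediate test failure.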
Is related to: SERVER-9514 System-defined roles (Closed)