Loading...

XML

Word

Printable

JSON

Backwards Compatibility:
Fully Compatible
Operating System:
ALL
Steps To Reproduce:
Hide

Introduce cycle

db.createRole({role:"A",privileges:[],roles:[]}) db.createRole({role:"B",privileges:[],roles:["A"]}) db.system.roles.update({_id:"admin.A"},{$addToSet:{roles:{"role":"B","db":"admin"}}})

Now it is possible to introduce another cycle

db.createRole({role:"C",privileges:[],roles:[]}) db.createRole({role:"D",privileges:[],roles:["C"]}) db.grantRolesToRole("C","D")
Show
Introduce cycle db.createRole({role: "A" ,privileges:[],roles:[]}) db.createRole({role: "B" ,privileges:[],roles:[ "A" ]}) db.system.roles.update({_id: "admin.A" },{$addToSet:{roles:{ "role" : "B" , "db" : "admin" }}}) Now it is possible to introduce another cycle db.createRole({role: "C" ,privileges:[],roles:[]}) db.createRole({role: "D" ,privileges:[],roles:[ "C" ]}) db.grantRolesToRole( "C" , "D" )
CAR Domain/s:
None

If there is a cycle in the role graph the cycle prevention does not work properly for updateRoles and grantRolesToRole.

Assignee:: DO NOT USE - Backlog - Platform Team
Reporter:: Andreas Nilsson (Inactive)
Participants:: Andreas Nilsson, DO NOT USE - Backlog - Platform Team, Mira Carey
Votes:: 0 Vote for this issue
Watchers:: 5 Start watching this issue