  1. Core Server
  2. SERVER-12611

Possible to introduce role graph cycle if cycle already exists


Details

    • Bug
    • Resolution: Won't Fix
    • Major - P3
    • None
    • 2.5.5
    • Security
    • Fully Compatible
    • ALL

      Introduce cycle

      db.createRole({role:"A",privileges:[],roles:[]})
      db.createRole({role:"B",privileges:[],roles:["A"]})
      db.system.roles.update({_id:"admin.A"},{$addToSet:{roles:{"role":"B","db":"admin"}}})

      Now it is possible to introduce another cycle

      db.createRole({role:"C",privileges:[],roles:[]})
      db.createRole({role:"D",privileges:[],roles:["C"]})
      db.grantRolesToRole("C",["D"])

    Description

      If there is a cycle in the role graph, the cycle prevention does not work properly for updateRoles and grantRolesToRole.

          People

            backlog-server-platform DO NOT USE - Backlog - Platform Team
            andreas.nilsson Andreas Nilsson
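Because a pre-existing cycle defeats the server-side check described in this issue, an administrator may want to audit the stored role documents directly. The following is an added example, not code from the ticket or from the MongoDB project: `findRoleCycles` and `sampleRoles` are hypothetical names, and the documents are constructed to mirror the `_id` and `roles` shapes used in the reproduction steps.

```javascript
// Added example: find inheritance cycles in role documents shaped like
// admin.system.roles entries ({_id: "<db>.<role>", roles: [{role, db}]}).
function findRoleCycles(roleDocs) {
  const edges = new Map();
  for (const doc of roleDocs)
    edges.set(doc._id, (doc.roles || []).map(r => `${r.db}.${r.role}`));
  // Tarjan's strongly connected components: any component with more than
  // one member, or a role that inherits from itself, is a cycle.
  const index = new Map(), low = new Map(), onStack = new Set();
  const stack = [], cycles = [];
  let counter = 0;
  function visit(v) {
    index.set(v, counter); low.set(v, counter); counter++;
    stack.push(v); onStack.add(v);
    for (const w of edges.get(v) || []) {   // built-in roles have no entry
      if (!index.has(w)) {
        visit(w);
        low.set(v, Math.min(low.get(v), low.get(w)));
      } else if (onStack.has(w)) {
        low.set(v, Math.min(low.get(v), index.get(w)));
      }
    }
    if (low.get(v) === index.get(v)) {      // v is the root of a component
      const scc = []; let w;
      do { w = stack.pop(); onStack.delete(w); scc.push(w); } while (w !== v);
      if (scc.length > 1 || (edges.get(v) || []).includes(v)) cycles.push(scc.sort());
    }
  }
  for (const v of edges.keys()) if (!index.has(v)) visit(v);
  return cycles.sort((a, b) => a[0].localeCompare(b[0]));
}

// Constructed sample: the state left by the reproduction steps, plus an
// acyclic pair (E inherits F, F inherits built-in read) that must not be reported.
const sampleRoles = [
  { _id: "admin.A", role: "A", db: "admin", roles: [{ role: "B", db: "admin" }] },
  { _id: "admin.B", role: "B", db: "admin", roles: [{ role: "A", db: "admin" }] },
  { _id: "admin.C", role: "C", db: "admin", roles: [{ role: "D", db: "admin" }] },
  { _id: "admin.D", role: "D", db: "admin", roles: [{ role: "C", db: "admin" }] },
  { _id: "admin.E", role: "E", db: "admin", roles: [{ role: "F", db: "admin" }] },
  { _id: "admin.F", role: "F", db: "admin", roles: [{ role: "read", db: "admin" }] },
];
console.log(JSON.stringify(findRoleCycles(sampleRoles)));
```

In the mongo shell the same function can be given `db.getSiblingDB("admin").system.roles.find().toArray()`; any non-empty result identifies roles whose inheritance lists need to be repaired.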