Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-14355

Allow dbAdmin role to manually create system.profile collections

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: 2.6.0
    • Fix Version/s: 2.6.4, 2.7.4
    • Component/s: Admin
    • Labels:
      None
    • Operating System:
      ALL
    • Backport Completed:

      Description

      Issue Status as of Jul 22, 2014

      ISSUE SUMMARY
      The dbAdmin role has the permission to drop the system.profile collection, but does not have permissions to create it (e.g. for resizing).

      USER IMPACT
      Admin users may drop the system.profile collection in an attempt to resize it but are then unable to re-create the new collection manually.

      WORKAROUNDS
      Create a new user-defined role that grants the necessary permissions and add that role to a user, as described in this comment.

      AFFECTED VERSIONS
      All production releases from 2.6.0 to 2.6.3 are affected by the bug.

      FIX VERSION
      The fix is included in the 2.6.4 production release.

      RESOLUTION DETAILS
      Added the permission to create system.profile collections to the dbAdmin role.

      Original description

      I am trying to increase the size of my profiling collection as per the instructions. Version is 2.6.0 . I am logged in as "root" user on the admin db. It fails with error

      - "not authorized on admin to execute command"
      

      Shard-0:PRIMARY> db.system.profile.drop();
      true
      Shard-0:PRIMARY> db.createCollection( "system.profile", { capped: true, size:4000000 } );
      {
              "ok" : 0,
              "errmsg" : "not authorized on admin to execute command { create: \"system.profile\", capped: true, size: 4000000.0 }",
              "code" : 13
      }
      Shard-0:PRIMARY> show users;
      {
              "_id" : "admin.admin",
              "user" : "admin",
              "db" : "admin",
              "credentials" : {
                      "MONGODB-CR" : "951e7b3e49c49caf2b4c8819a11e7e29"
              },
              "roles" : [
                      {
                              "role" : "root",
                              "db" : "admin"
                      },
                      {
                              "role" : "restore",
                              "db" : "admin"
                      }
              ]
      }
      

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                11 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: