Core Server / SERVER-14701

The "backup" auth role should allow running the "collstats" command for all resources

    • Type: Bug
    • Resolution: Done
    • Priority: Major - P3
    • 2.6.4, 2.7.5
    • Affects Version/s: None
    • Component/s: Security
    • Labels: None
    • Fully Compatible
    • ALL

      This is an extension of SERVER-13727. Unfortunately, that ticket did not specify that this privilege is necessary for all collections, including the system collections.

      Here's what my user looks like:

      backup_test:PRIMARY> db.system.users.find({user:'mms-backup-agent'}).pretty()
      {
      	"_id" : "admin.mms-backup-agent",
      	"user" : "mms-backup-agent",
      	"db" : "admin",
      	"credentials" : {
      		"MONGODB-CR" : "6187ca3816a65edef454cc6de1e05fb7"
      	},
      	"roles" : [
      		{
      			"role" : "backup",
      			"db" : "admin"
      		}
      	]
      }
      

      and here's what happens when I try to perform collstats on system.users:

      backup_test:PRIMARY> db.auth('mms-backup-agent','10gen')
      1
      backup_test:PRIMARY>  db.runCommand({ collstats: "system.users" });
      {
      	"ok" : 0,
      	"errmsg" : "not authorized on admin to execute command { collstats: \"system.users\" }",
      	"code" : 13
      }
      backup_test:PRIMARY> 
      backup_test:PRIMARY> use food
      switched to db food
      backup_test:PRIMARY> db.runCommand({ collstats: "desert" });
      {
      	"ns" : "food.desert",
      	"count" : 1,
      	"size" : 48,
      	"avgObjSize" : 48,
      	"storageSize" : 8192,
      	"numExtents" : 1,
      	"nindexes" : 1,
      	"lastExtentSize" : 8192,
      	"paddingFactor" : 1,
      	"systemFlags" : 1,
      	"userFlags" : 1,
      	"totalIndexSize" : 8176,
      	"indexSizes" : {
      		"_id_" : 8176
      	},
      	"ok" : 1
      }
      

      Notice that I can perform collstats on a regular collection like food.desert.

      I think the problem is here. I'm guessing that system.users is not a "normal resource".

            Assignee: Amalia Hawkins (amalia.hawkins@10gen.com)
            Reporter: Cailin Nelson (cailin.nelson@mongodb.com)