Details
Bug
Resolution: Done
Major - P3
ALL
Description
1. I created a role with changeOwnPassword privilege
mongos> db.getRole("changeOwnPasswordRole",{showPrivileges:true})
{
    "role" : "changeOwnPasswordRole",
    "db" : "admin",
    "isBuiltin" : false,
    "roles" : [ ],
    "inheritedRoles" : [ ],
    "privileges" : [
        {
            "resource" : {
                "cluster" : true
            },
            "actions" : [
                "changeOwnPassword"
            ]
        }
    ],
    "inheritedPrivileges" : [
        {
            "resource" : {
                "cluster" : true
            },
            "actions" : [
                "changeOwnPassword"
            ]
        }
    ]
}
mongos>
2. I granted the role to a non-admin read-only user
mongos> db.getUser("sdutta")
{
    "_id" : "admin.sdutta",
    "user" : "sdutta",
    "db" : "admin",
    "roles" : [
        {
            "role" : "changeOwnPasswordRole",
            "db" : "admin"
        },
        {
            "role" : "readAnyDatabase",
            "db" : "admin"
        }
    ]
}
3. Tried to change password without luck. I hope it’s not expecting readWrite.
mongos> db.changeUserPassword("sdutta","test2")
2017-01-17T18:38:29.078-0500 E QUERY [thread1] Error: Updating user failed: not authorized on admin to execute command { updateUser: "sdutta", pwd: "xxx", writeConcern: { w: "majority", wtimeout: 30000.0 }, digestPassword: false } :
_getErrorWithCode src/mongo/shell/utils.js:25:13
DB.prototype.updateUser src/mongo/shell/db.js:1319:15
DB.prototype.changeUserPassword src/mongo/shell/db.js:1323:9
@(shell):1:1
BTW, we are using the following versions -
MongoDB shell version: 3.2.5
MongoS version 3.2.5
git version: 34e65e5383f7ea1726332cb175b73077ec4a1b02
OpenSSL version: OpenSSL 1.0.1e-fips 11 Feb 2013
Thanks!