Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-28449

"Root" role does not have permissions to recreate oplog

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Works as Designed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Security
    • Labels:
      None
    • Operating System:
      ALL

      Description

      I am running into an issue with the 3.2.12 server

      I have a user with 'root' role that is not able to recreate the oplog ( in order to scale up the size of the oplog)

      > db.runCommand({ create: "oplog.rs", capped: true, size: 1503238553.0 })
      		 
      {
      		 
      	"ok" : 0,
      		 
      	"errmsg" : "not authorized on local to execute command { create: \"oplog.rs\", capped: true, size: 1503238553.0 }",
      		 
      	"code" : 13
      		 
      }

      If the user is granted readWrite on the local DB then it starts to work

       db.grantRolesToUser("admin", [{role: "readWrite", db: "local"}])

      Is this expected? I would expect the 'root' role to be a superset of all the permissions.

        Attachments

          Issue Links

          related to

          Bug - A problem which impairs or prevents the functions of the product. SERVER-26839 Improve readWriteDatabase role coverage

          • Major - P3 - Major loss of function.
          • Closed

          Task - A task that needs to be done. PHPC-1261 User for replica set auth test environment needs access to "local" database

          • Major - P3 - Major loss of function.
          • Closed

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: