Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-28449

"Root" role does not have permissions to recreate oplog

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Major - P3
    • Resolution: Works as Designed
    • None
    • None
    • Security
    • None
    • ALL

    Description

      I am running into an issue with the 3.2.12 server

      I have a user with 'root' role that is not able to recreate the oplog ( in order to scale up the size of the oplog)

      > db.runCommand({ create: "oplog.rs", capped: true, size: 1503238553.0 })
      		 
      {
      		 
      	"ok" : 0,
      		 
      	"errmsg" : "not authorized on local to execute command { create: \"oplog.rs\", capped: true, size: 1503238553.0 }",
      		 
      	"code" : 13
      		 
      }

      If the user is granted readWrite on the local DB then it starts to work

       db.grantRolesToUser("admin", [{role: "readWrite", db: "local"}])

      Is this expected? I would expect the 'root' role to be a superset of all the permissions.

      Attachments

        Issue Links

          related to

          Bug - A problem which impairs or prevents the functions of the product. SERVER-26839 Improve readWriteDatabase role coverage

          • Major - P3 - Major loss of function.
          • Closed

          Task - A task that needs to be done. PHPC-1261 User for replica set auth test environment needs access to "local" database

          • Major - P3 - Major loss of function.
          • Closed

          Activity

            People

              mark.agarunov Mark Agarunov
              dharshanr@scalegrid.net Dharshan Rangegowda
              Votes:
              0 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: