Details
-
Task
-
Resolution: Works as Designed
-
Major - P3
-
None
-
3.6.2
-
None
-
MongoDB 3.6.2, possibly 3.6.0+
Description
the getRoles command (and db.getRoles()) does not return any authenticationRestrictions associated to configured roles.
Steps to reproduce:
1. Create new user, specifying authenticationRestrictions document with both clientSource and serverAddress
2. Run db.getRoles - output does not include authentication restrictions associated to the role.
Originally reported by user in the community slack channel.
As far as I can tell there doesn't seem to be a way to check the configured authenticationRestrictions (if any) for a given role.
Example:
db.createRole(
|
... {
|
... role: "myClusterwideAdmin",
|
... privileges: [
|
... { resource: { cluster: true }, actions: [ "addShard" ] },
|
... { resource: { db: "config", collection: "" }, actions: [ "find", "update", "insert", "remove" ] },
|
... { resource: { db: "users", collection: "usersCollection" }, actions: [ "update", "insert", "remove" ] },
|
... { resource: { db: "", collection: "" }, actions: [ "find" ] }
|
... ],
|
... roles: [
|
... { role: "read", db: "admin" }
|
... ],
|
... authenticationRestrictions : [ {
|
... clientSource : ["192.168.0.100"],
|
... serverAddress : ["192.168.1.100"]
|
... }]
|
... })
|
{
|
|
b.getRoles()
|
[
|
{
|
"role" : "myClusterwideAdmin",
|
"db" : "admin",
|
"isBuiltin" : false,
|
"roles" : [
|
{
|
"role" : "read",
|
"db" : "admin"
|
}
|
],
|
"inheritedRoles" : [
|
{
|
"role" : "read",
|
"db" : "admin"
|
}
|
]
|
}
|
]
|
Attachments
Issue Links
- is documented by
-
DOCS-11283 db.getRoles() should mention showAuthenticationRestrictions option
-
- Closed
-