Description
To reproduce:
adminDb = db.getSiblingDB("admin")
|
testDb = db.getSiblingDB("testdb")
|
adminDb.addUser({user:'admin',pwd:'password',roles:['userAdminAnyDatabase','dbAdminAnyDatabase', 'readWriteAnyDatabase']})
|
adminDb.auth('admin','password')
|
testDb.addUser({user:'readUser',pwd:'password',roles:['read']})
|
testDb.setProfilingLevel(2)
|
adminDb.logout()
|
testDb.auth('readUser','password')
|
testDb.system.profile.find() // succeeds
|
Culprit in AuthorizationManager::_modifyPrivilegeForSpecialCases:
} else if (collectionName == "system.profle" && newActions.contains(ActionType::find)) {
|