[COMPASS-3389] Confusing behavior when connecting with user that has database-level permissions to Atlas cluster where the database does not exist Created: 16/Jan/19  Updated: 17/Jan/19  Resolved: 17/Jan/19

Status: Closed
Project: Compass
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Minor - P4
Reporter: Massimiliano Marcon Assignee: Unassigned
Resolution: Won't Fix Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: PNG File image-2019-01-16-14-19-24-967.png    
Issue Links:
Related
is related to COMPASS-2245 As a user with limited permissions (r... Closed
is related to SERVER-32942 mongo shell: for users authorized to ... Closed
Tested
tested by COMPASS-3390 Add Atlas test to connectivity integr... Closed

 Description   

Steps to reproduce:

  1. Create a non-free Atlas cluster
  2. In the security section, create a custom role that grants access to a DB that does not exist in the cluster (see screenshot below)
  3. In the security section, create a user and assign the custom role created in 2

Connect with Compass to the Cluster created in 1, where the DB used for the custom role is not present.

Result: Compass displays in the side bar and in the Databases tab the database created in 2, even though it does not exist in the collection.

Expected result: the DB is not shown in the side bar and in the Databases tab as it does not exist

 



 Comments   
Comment by Massimiliano Marcon [ 17/Jan/19 ]

While I would agree this may be confusing in some situations, it's probably an edge case. Additionally, if the user has the necessary permissions (which Atlas groups into “Database Actions and Roles”) it is possible from Compass to create collections in the not-yet-existing database and the database will be created along with the first collection.

Comment by Lucas Hrabovsky (Inactive) [ 16/Jan/19 ]

massimiliano.marcon Linking this up to two tickets I found yesterday.

We already use the {{{ connectionStatus: 1, showPrivileges: true\ }}} -> {{{ usersInfo: user, showPrivileges: true }}} pattern: https://github.com/mongodb-js/data-service/blob/master/lib/instance-detail-helper.js#L297

I suspect we have a end-to-end testing gap to fill so I created COMPASS-3390. The eng side is trivial (we just add more travis secure connection strings to the matrix). More difficult is the homework/paperwork to define the matrix and get those Atlas deployments provisioned.

Generated at Wed Feb 07 22:33:03 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.