[DOCS-12160] Docs for SERVER-36262: mongo shell: allow users to show dbs (on <4.0 versions of the server) without the listDatabases privilege Created: 23/Oct/18  Updated: 13/Nov/23  Resolved: 30/Jan/19

Status: Closed
Project: Documentation
Component/s: manual, Server
Affects Version/s: None
Fix Version/s: 4.1.5, 4.0.5, Server_Docs_20231030, Server_Docs_20231106, Server_Docs_20231105, Server_Docs_20231113

Type: Task Priority: Major - P3
Reporter: Kay Kim (Inactive) Assignee: Kay Kim (Inactive)
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
depends on SERVER-38887 Mongo.getDBs() does not correctly ins... Closed
Documented
documents SERVER-36262 mongo shell: allow users to show dbs ... Closed
Participants:
Days since reply: 5 years, 1 week, 1 day ago
Epic Link: DOCS: 4.2 Server/Tools

 Description   

Description

Description:

This enables mongo.getDBs() and thereby `show databases` to return an inferred set of databases using the user's permissions if they are speaking to a pre-4.0 mongod.

Engineering Ticket Description:

Related to SERVER-32942

That ticket changed the behavior of show collections to : If the shell obtains an Unauthorized error, which it would if it ran the listCollections command against an older version of the server which didn't respect authorizedCollections, it will attempt to parse out the set of collections it has been granted privileges on from the output of connectionStatus.

The same pattern should be applied to show dbs (listDatabases)

Scope of changes

Impact to Other Docs

MVP (Work and Date)

Resources (Scope or Design Docs, Invision, etc.)



 Comments   
Comment by Githook User [ 05/Feb/19 ]

Author:

{'name': 'Kay Kim', 'email': 'kay.kim@mongodb.com'}

Message: DOCS-12160: show dbs
Branch: v4.0
https://github.com/mongodb/docs/commit/f9574cf24b36dc5bf261709b4a25ddbc4853fe7e

Comment by Githook User [ 31/Jan/19 ]

Author:

{'email': 'kay.kim@mongodb.com', 'name': 'Kay Kim'}

Message: DOCS-12160: show dbs
Branch: master
https://github.com/mongodb/docs/commit/ea89f82f9b7d43511d3738c3d5eef467f52ea27d

Comment by Githook User [ 30/Jan/19 ]

Author:

{'email': 'kay.kim@mongodb.com', 'name': 'Kay Kim'}

Message: DOCS-12160: show dbs
Branch: v4.0.6
https://github.com/mongodb/docs/commit/f608f15e7f538c3a7271d43fe307f87c2c6f975c

Comment by Kay Kim (Inactive) [ 12/Dec/18 ]

[sgolemon] – so, using test user kaytest with readWrite permission on test db, I was expecting a list of dbs (well, test actually) but still get auth errors:

~/mongo $ ./mongodb-4.1.6/bin/mongo -u kaytest --authenticationDatabase test -p abc123
MongoDB shell version v4.1.6-103-g35da9da
connecting to: mongodb://127.0.0.1:27017/?authSource=test&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("9c9157cc-5b2d-4d95-975b-170137e1a558") }
MongoDB server version: 3.6.9
WARNING: shell and server versions do not match
> show dbs
2018-12-12T17:26:05.590-0500 E QUERY    [js] Error: listDatabases failed:{
	"ok" : 0,
	"errmsg" : "not authorized on admin to execute command { listDatabases: 1.0, filter: {}, lsid: { id: UUID(\"9c9157cc-5b2d-4d95-975b-170137e1a558\") }, $db: \"admin\" }",
	"code" : 13,
	"codeName" : "Unauthorized"
} :

Running connectionStatus returns:

> db.runCommand({ connectionStatus: 1, showPrivileges: true })
{
	"authInfo" : {
		"authenticatedUsers" : [
			{
				"user" : "kaytest",
				"db" : "test"
			}
		],
		"authenticatedUserRoles" : [
			{
				"role" : "readWrite",
				"db" : "test"
			}
		],
		"authenticatedUserPrivileges" : [
			{
				"resource" : {
					"db" : "test",
					"collection" : ""
				},
				"actions" : [
					"changeStream",
					"collStats",
					"convertToCapped",
					"createCollection",
					"createIndex",
					"dbHash",
					"dbStats",
					"dropCollection",
					"dropIndex",
					"emptycapped",
					"find",
					"insert",
					"killCursors",
					"listCollections",
					"listIndexes",
					"planCacheRead",
					"remove",
					"renameCollectionSameDB",
					"update"
				]
			},
			{
				"resource" : {
					"db" : "test",
					"collection" : "system.indexes"
				},
				"actions" : [
					"changeStream",
					"collStats",
					"dbHash",
					"dbStats",
					"find",
					"killCursors",
					"listCollections",
					"listIndexes",
					"planCacheRead"
				]
			},
			{
				"resource" : {
					"db" : "test",
					"collection" : "system.js"
				},
				"actions" : [
					"changeStream",
					"collStats",
					"convertToCapped",
					"createCollection",
					"createIndex",
					"dbHash",
					"dbStats",
					"dropCollection",
					"dropIndex",
					"emptycapped",
					"find",
					"insert",
					"killCursors",
					"listCollections",
					"listIndexes",
					"planCacheRead",
					"remove",
					"renameCollectionSameDB",
					"update"
				]
			},
			{
				"resource" : {
					"db" : "test",
					"collection" : "system.namespaces"
				},
				"actions" : [
					"changeStream",
					"collStats",
					"dbHash",
					"dbStats",
					"find",
					"killCursors",
					"listCollections",
					"listIndexes",
					"planCacheRead"
				]
			}
		]
	},
	"ok" : 1
}

Generated at Thu Feb 08 08:04:32 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.