[DOCS-13039] Not able to get collection stats of config db Created: 19/Sep/19 Updated: 30/Oct/23 |
|
| Status: | Closed |
| Project: | Documentation |
| Component/s: | manual |
| Affects Version/s: | 3.6.6 |
| Fix Version/s: | Server_Docs_20231030 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | rahul mahor | Assignee: | Unassigned |
| Resolution: | Won't Do | Votes: | 0 |
| Labels: | docs-investigating, docs-security | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
MongoDB 3.6.3 version. https://docs.mongodb.com/v3.6/reference/built-in-roles/#cluster-administration-roles |
||
| Participants: | |
| Days since reply: | 1 year, 14 weeks, 2 days ago |
| Description |
| Comments |
| Comment by Education Bot [ 31/Oct/22 ] |
|
Hello! This ticket has been closed due to inactivity. If you believe this ticket is still important, please reopen it and leave a comment to explain why. Thank you! |
| Comment by Ravind Kumar (Inactive) [ 19/Sep/19 ] |
|
I think this might be an issue with how we have worded our documentation, unfortunately. Looking at the 3.6 docs for clusterMonitor , the table has two separations:
I have to double check, but I wonder if we generally do not provide access to system.x collections outside of the listed collections for the clusterMonitor built in role. That is, the first block should be "All non-system collections in the *config* database". That would, I think, make sense as we often treat system collections more carefully given their internal importance. Thank you for bringing this to our attention. In the meantime, I would suggest explicitly adding the read built-in role against the system.sessions collection. Try to add a role that specifies both the database and the collection as per this example. While you have {role : "read", db: "config"} in your user role assignments, we do state the following:
I think what is implied here (and will need to be clarified) is that assigning a role at the database level provides access to all non-system collections in that database. For system collections, you must assign the role at the collection level. I need to verify this, however. |