[DOCS-3422] Downgrade instructions re: authentication incorrect, not overly comprehensible Created: 17/May/14  Updated: 01/Jul/14  Resolved: 01/Jul/14

Status: Closed
Project: Documentation
Component/s: manual
Affects Version/s: None
Fix Version/s: v1.3.7

Type: Task Priority: Major - P3
Reporter: Richard Kreuter (Inactive) Assignee: Kay Kim (Inactive)
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Participants:
Days since reply: 9 years, 33 weeks, 1 day ago

 Description   

The doc for downgrading the auth info from 2.6 to 2.4 either don't work, or else ought to be much more explicit:

http://docs.mongodb.org/manual/release-notes/2.6-downgrade/#downgrade-2-6-user-authorization-model

Below is a transcript of a session connecting to a v2.6.1 server where a user with userAdminAnyDatabase and readWrite on admin wasn't able to perform write operations analogous to step 3 in the downgrade instructions.

I can't tell from the rest of the documentation whether readWrite implies the privileges stipulated in step 1 of the instructions. (readWrite privileges were sufficient to create a collection called "test" in the same database.) In any case, step 1 of the instructions ought to inform the user how to give themselves the appropriate privileges to run the rest of the steps, if that's actually possible. I observe that the text of step 1 fails even to link to any other place that would explain what the 4 lines of privileges mean and/or how they're to be set up.

Additionally, step 2 of the instructions fails silently.

Probably engineering ought to furnish scripts for critical operations such as these, rather than burdening docs this way. I'm sorry they've made this your problem.

> use admin
switched to db admin
> db.auth("admin","admin");
1
> db.system.users.find()
{ "_id" : "admin.admin", "user" : "admin", "db" : "admin", "credentials" : { "MONGODB-CR" : "7c67ef13bbd4cae106d959320af3f704" }, "roles" : [ { "role" : "readWrite", "db" : "admin" }, { "role" : "userAdminAnyDatabase", "db" : "admin" } ] }
> show collections
system.indexes
system.users
system.version
test
> db.system.new_users.insert({ "_id" : "admin.admin", "user" : "admin", "db" : "admin", "credentials" : { "MONGODB-CR" : "7c67ef13bbd4cae106d959320af3f704" }, "roles" : [ { "role" : "readWrite", "db" : "admin" }, { "role" : "userAdminAnyDatabase", "db" : "admin" } ] });
WriteResult({
	"writeError" : {
		"code" : 13,
		"errmsg" : "not authorized on admin to execute command { insert: \"system.new_users\", documents: [ { _id: \"admin.admin\", user: \"admin\", db: \"admin\", credentials: { MONGODB-CR: \"7c67ef13bbd4cae106d959320af3f704\" }, roles: [ { role: \"readWrite\", db: \"admin\" }, { role: \"userAdminAnyDatabase\", db: \"admin\" } ] } ], ordered: true }"
	}
})



 Comments   
Comment by Githook User [ 01/Jul/14 ]

Author:

{u'username': u'kay-kim', u'name': u'kay', u'email': u'kay.kim@10gen.com'}

Message: DOCS-3422 add the priv required for invalidateUserCache
Branch: master
https://github.com/mongodb/docs/commit/389c973ff7c7ccabf54198b8e6d2e85cae5d8e4c

Comment by Githook User [ 01/Jul/14 ]

Author:

{u'username': u'kay-kim', u'name': u'kay', u'email': u'kay.kim@10gen.com'}

Message: DOCS-3422 downgrade auth model add steps to create user with proper auth

tweak some typos
Branch: master
https://github.com/mongodb/docs/commit/1214e08f3204df49a40d0e2094a725199b39185f

Generated at Thu Feb 08 07:45:41 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.