[DOCS-4176] moveChunk privilege applies to db/collection resource, not cluster Created: 14/Oct/14 Updated: 16/Mar/15 Resolved: 15/Oct/14 |
|
| Status: | Closed |
| Project: | Documentation |
| Component/s: | manual |
| Affects Version/s: | None |
| Fix Version/s: | v1.3.12 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Andrew Ryder (Inactive) | Assignee: | Michael Paik |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||
| Participants: | |||||
| Days since reply: | 9 years, 18 weeks ago | ||||
| Description |
|
This page: http://docs.mongodb.org/manual/reference/privilege-actions/#authr.moveChunk |
| Comments |
| Comment by Githook User [ 15/Oct/14 ] |
|
Author: {u'username': u'mpaik', u'name': u'Michael Paik', u'email': u'michael.paik@10gen.com'}Message: Signed-off-by: Sam Kleinman <samk@10gen.com> |
| Comment by Spencer Brody (Inactive) [ 15/Oct/14 ] |
|
That is correct. I do not believe the spreadsheet is being updated anymore, though perhaps someone else has been doing it. |
| Comment by Andreas Nilsson [ 15/Oct/14 ] |
|
The spreadsheet is not authoritative (the code is) but they should be in sync. michael.paik I added u as an editor. I made this particular change but feel free to edit any other issues identified. |
| Comment by Michael Paik [ 15/Oct/14 ] |
|
So just to be clear, moveChunk privilege is not applied to the cluster resource, but to the collection or database resource, depending on whether the movePrimary or moveChunk operation is being called. If so, I'll make the relevant changes, but someone will need to update that Google spreadsheet (assuming it's even maintained). |
| Comment by Spencer Brody (Inactive) [ 15/Oct/14 ] |
|
This was by design. We can discuss whether we still agree with that design and if we want to change it, but the idea was that the moveChunk action is responsible for all ways one can move data within the cluster. |
| Comment by Andreas Nilsson [ 15/Oct/14 ] |
|
So here is how it works today: The movePrimary command requires moveChunk on the database The clusterManager role gives moveChunk on the database and hence includes both commands above by default. I can't really tell if this is expected/desired, I will ask spencer to weigh in on that. |
| Comment by Andrew Ryder (Inactive) [ 15/Oct/14 ] |
|
Linda has noted that movePrimary has no corresponding action, the command is ganged to the moveChunk action. Thus, items 2 & 3 above are incorrect but should instead be read as a single item, thusly: clusterManager does not need to cover movePrimary (because it isn't an action), but the definition of the moveChunk action should specify that it applies to both moveChunk and movePrimary commands. |
| Comment by Andrew Ryder (Inactive) [ 15/Oct/14 ] |
|
Ok, testing here confirms that the resource required is db and collection for both movePrimary and moveChunk. So the documentation seems at least to be incorrect on moveChunk and omits movePrimary entirely. The google doc appears to be the source of the mistake. I think there are three documentation actions needed:
spencer (most recent editor) and/or andreas.nilsson@10gen.com (document owner) please check my outrageous claims above. |