[DOCS-4269] Clarify that the root role does not have access to system.* collections Created: 31/Oct/14  Updated: 05/Nov/14  Resolved: 05/Nov/14

Status: Closed
Project: Documentation
Component/s: manual
Affects Version/s: None
Fix Version/s: v1.3.13

Type: Improvement Priority: Major - P3
Reporter: Kevin Pulo Assignee: Sam Kleinman (Inactive)
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
is related to SERVER-15893 root role should be able to run valid... Closed
Participants:
Days since reply: 9 years, 15 weeks ago

 Description   

The root role does not include access to system.* collections. This is only documented indirectly and implicitly with a combination of http://docs.mongodb.org/manual/reference/resource-document/#specify-a-database-as-resource and http://docs.mongodb.org/manual/reference/built-in-roles/#root. Meanwhile, the http://docs.mongodb.org/manual/tutorial/add-admin-user/ tutorial does not mention any of this, and strongly implies that the root role has unrestricted access to the system. Users are thus likely to be surprised when they are unable to do certain operations on the system.* collections after authenticating as root.

Suggest:

  1. updating the language in http://docs.mongodb.org/manual/tutorial/add-admin-user/ to properly explain what the root role can and cannot actually do
  2. making the proviso in http://docs.mongodb.org/manual/reference/built-in-roles/ regarding non-system collections much more prominent
  3. clarifying in http://docs.mongodb.org/manual/reference/built-in-roles/#root that the root role can only do a limited set of operations with the system.* collections, making it unsuitable for a range of tasks with those collections (eg. running the validate command on system collections), not just restoring mongodumps that have users/roles defined.


 Comments   
Comment by Sam Kleinman (Inactive) [ 05/Nov/14 ]

added more context to the definition of the root role. don't think it's appropriate to duplicate information to the tutorial.

Comment by Githook User [ 05/Nov/14 ]

Author:

{u'username': u'tychoish', u'name': u'Sam Kleinman', u'email': u'samk@10gen.com'}

Message: DOCS-4269: adding clarification about root-role
Branch: master
https://github.com/mongodb/docs/commit/71d250784c90464d55357ab5bfbdee0896a1e162

Generated at Thu Feb 08 07:47:36 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.