[DOCS-9815] users with permission to run find on a db can't run listCollections on that db Created: 24/Jan/17 Updated: 30/Oct/23 |
|
| Status: | Closed |
| Project: | Documentation |
| Component/s: | Server |
| Affects Version/s: | None |
| Fix Version/s: | Server_Docs_20231030 |
| Type: | Improvement | Priority: | Major - P3 |
| Reporter: | Samantha Ritter (Inactive) | Assignee: | Ravind Kumar (Inactive) |
| Resolution: | Won't Do | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Participants: | |
| Days since reply: | 1 year, 14 weeks, 2 days ago |
| Story Points: | 0.2 |
| Description |
|
In our documentation, we say that the find actionType grants you permission to run listCollections. Say we create a custom role that grants the find actionType on some database:
A user with the "findRole" role will not be able to run listCollections. This is subtle. It's because specifying empty string as the collection for a resource excludes system collections, and we require permissions on system.namespaces to run listCollections. While nothing in our documentation is strictly wrong, it is certainly misleading. |
| Comments |
| Comment by Education Bot [ 31/Oct/22 ] |
|
Hello! This ticket has been closed due to inactivity. If you believe this ticket is still important, please reopen it and leave a comment to explain why. Thank you! |
| Comment by Ravind Kumar (Inactive) [ 24/Jan/17 ] |
|
ToDo: Add note that, if the user sets the database as the resource document for find, user must also specify find on db: admin, collection: system.namespaces to use listCollections |