[SERVER-10769] Roles/Privileges Created: 13/Sep/13  Updated: 10/Dec/14  Resolved: 16/Sep/13

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: None

Type: Question Priority: Major - P3
Reporter: Siva Balasubramaniam Assignee: Spencer Brody (Inactive)
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Participants:

 Description   

I added the user 'listings'. Would like to know what privileges are assigned to the user?
--Command used to create user (2.4.6 Version)
db.addUser('listings','listings')
db.system.users.find()

{ "_id" : ObjectId("523381305b1df0481a61264d"), "user" : "listings", "readOnly" : false, "pwd" : "bb14cb9184db4da5a3040564eedf0f86" }

 Comments   
Comment by Spencer Brody (Inactive) [ 16/Sep/13 ]

Great, glad we could help!

Comment by Siva Balasubramaniam [ 16/Sep/13 ]

Thank you Spencer, this is exactly what I was looking for. You may close the case.

-Siva

Comment by Spencer Brody (Inactive) [ 16/Sep/13 ]

I believe the confusion here arises from the fact that the access control rules changed between version 2.2 and 2.4 of the server.

The concept of roles was added in version 2.4, and to create users with the new roles you need to use the new form of user creation that takes a full privilege document as the input. How to create a user with the new roles is documented here: http://docs.mongodb.org/manual/tutorial/add-user-to-database/. The form of the addUser shell helper you are using that takes just a user name and password without any roles is deprecated and left over for backwards compatibility with 2.2 which did not have explicit roles. The privileges granted to a user made with that form don't match up exactly to any of the new roles, but is approximately the combination of readWrite, dbAdmin, and userAdmin when made on a non-admin database; users created with that form on the admin database are full super users of the system.

I hope that helps clear things up, please let us know if you have further questions about this.

Comment by Siva Balasubramaniam [ 16/Sep/13 ]

Hi Dan,
If I create a user using the following command "db.addUser('listings','listings')", it doesn't tell us clearly what roles have been assigned to the user. Just says "readOnly" : false, "pwd" : "bb14cb9184db4da5a3040564eedf0f86".

Thanks
Siva

Comment by Daniel Pasette (Inactive) [ 16/Sep/13 ]

Can you explain what question you are asking please?

Generated at Thu Feb 08 03:24:01 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.