[SERVER-10769] Roles/Privileges Created: 13/Sep/13 Updated: 10/Dec/14 Resolved: 16/Sep/13 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Question | Priority: | Major - P3 |
| Reporter: | Siva Balasubramaniam | Assignee: | Spencer Brody (Inactive) |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Participants: |
| Description |
|
I added the user 'listings'. Would like to know what privileges are assigned to the user? |
| Comments |
| Comment by Spencer Brody (Inactive) [ 16/Sep/13 ] |
|
Great, glad we could help! |
| Comment by Siva Balasubramaniam [ 16/Sep/13 ] |
|
Thank you Spencer, this is exactly what I was looking for. You may close the case. -Siva |
| Comment by Spencer Brody (Inactive) [ 16/Sep/13 ] |
|
I believe the confusion here arises from the fact that the access control rules changed between version 2.2 and 2.4 of the server. The concept of roles was added in version 2.4, and to create users with the new roles you need to use the new form of user creation that takes a full privilege document as the input. How to create a user with the new roles is documented here: http://docs.mongodb.org/manual/tutorial/add-user-to-database/. The form of the addUser shell helper you are using that takes just a user name and password without any roles is deprecated and left over for backwards compatibility with 2.2 which did not have explicit roles. The privileges granted to a user made with that form don't match up exactly to any of the new roles, but is approximately the combination of readWrite, dbAdmin, and userAdmin when made on a non-admin database; users created with that form on the admin database are full super users of the system. I hope that helps clear things up, please let us know if you have further questions about this. |
| Comment by Siva Balasubramaniam [ 16/Sep/13 ] |
|
Hi Dan, Thanks |
| Comment by Daniel Pasette (Inactive) [ 16/Sep/13 ] |
|
Can you explain what question you are asking please? |