[SERVER-11022] Better error message when do db.system.users.insert( {...}) Created: 03/Oct/13 Updated: 29/Oct/15 Resolved: 29/Oct/15 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Improvement | Priority: | Minor - P4 |
| Reporter: | Matt Kalan | Assignee: | Andreas Nilsson |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Participants: |
| Description |
|
In 2.5.2, it looks like someone with a userAdmin role can no longer directly manipulate documents in the system.users collection as I'm told we added helper functions for user management. However, the error given to a user manipulating the collection directly should be clearer. I authenticated myself with role userAdmin and I do:
It should say something like: "Cannot manipulate the system.users collection directly - use helper method" |
| Comments |
| Comment by Matt Kalan [ 29/Oct/15 ] |
|
Yeah that is interesting that it can be done. At this point, the helpers have been the main way of managing users for a few releases so yeah seems OK, as it was more important during the transition |
| Comment by Andreas Nilsson [ 29/Oct/15 ] |
|
This behavior is semantically correct so I will close this ticket. matt.kalan do you want us to add any type of documentation around this or has that ship sailed? |
| Comment by Andy Schwerin [ 04/Oct/13 ] |
|
Caveat: one can grant write access to system.users collections beginning in 2.5.3, but it is not advised except for restoring from backups, and emergency manual maintenance. Can this be resolved with documentation? |