[SERVER-11027] not authorized to execute repairDatabase for user with role clusterAdmin Created: 03/Oct/13  Updated: 11/Jul/16  Resolved: 25/Oct/13

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: 2.5.4

Type: Bug Priority: Major - P3
Reporter: David Storch Assignee: Spencer Brody (Inactive)
Resolution: Done Votes: 0
Labels: 26qa
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
depends on SERVER-9514 System-defined roles Closed
Related
related to SERVER-8213 Make copyDB and clone work with auth ... Closed
Operating System: ALL
Steps To Reproduce:

1) run mongod with --auth
2) use admin
3) db.addUser({user: "x", pwd: "x", roles: ["clusterAdmin"]})
4) db.auth("x", "x")
5) use test
6) db.runCommand({repairDatabase: 1})

 Description   

Expected: A user with the clusterAdmin role should be authorized to run the repairDatabase command.

Actual: Attempting to run repairDatabase on either the admin database or a non-admin database gives an authorization error, even when the user has the clusterAdmin role:

{
	"ok" : 0,
	"errmsg" : "not authorized on roles_commands_1 to execute command { repairDatabase: 1.0 }",
	"code" : 13
}



 Comments   
Comment by auto [ 25/Oct/13 ]

Author: Spencer T Brody (stbrody) <spencer@10gen.com>

Message: SERVER-11027 Make clusterAdmin role able to run repairDatabase again
Branch: master
https://github.com/mongodb/mongo/commit/9cbcecebe3b2735f45aed1b2cde95c66396fa2ca
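
The reproduction steps above can be turned into a repeatable role check. This is an added example, not code from the ticket or from the MongoDB project. It assumes a mongo shell `db` handle on a disposable instance started with --auth, with the user from step 3 already created; the function names are hypothetical.

```javascript
// Added example: not from the ticket or the MongoDB code base.
// UNAUTHORIZED is the "code" : 13 value shown in the ticket's error document.
var UNAUTHORIZED = 13;

// Classify one command reply so the check can tell an authorization denial
// apart from a command that was allowed but failed for another reason.
function classifyReply(res) {
  if (res && res.ok === 1) return "authorized";
  if (res && res.code === UNAUTHORIZED) return "unauthorized";
  return "other-failure";
}

// Hypothetical helper: authenticate against admin (steps 2 and 4), then run
// repairDatabase on each named database (steps 5 and 6) and record a verdict.
// `db` is assumed to be a mongo shell database handle.
function checkRepairAuthorization(db, user, pwd, dbNames) {
  var admin = db.getSiblingDB("admin");
  if (!admin.auth(user, pwd)) {
    throw new Error("authentication failed for " + user);
  }
  var verdicts = {};
  dbNames.forEach(function (name) {
    var res = db.getSiblingDB(name).runCommand({ repairDatabase: 1 });
    verdicts[name] = classifyReply(res);
  });
  return verdicts;
}

// Databases on which the role was denied; an empty list means the check passes.
function deniedDatabases(verdicts) {
  return Object.keys(verdicts).filter(function (name) {
    return verdicts[name] === "unauthorized";
  });
}
```

In the shell, `deniedDatabases(checkRepairAuthorization(db, "x", "x", ["admin", "test"]))` covers both cases the description names, the admin database and a non-admin one.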
