[SERVER-11063] users with roles readAnyDatabase or readWriteAnyDatabase should not be authorized to run the listDatabases command Created: 07/Oct/13 Updated: 09/Jul/16 Resolved: 07/Oct/13 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Minor - P4 |
| Reporter: | David Storch | Assignee: | Unassigned |
| Resolution: | Done | Votes: | 0 |
| Labels: | 26qa | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Backwards Compatibility: | Minor Change | |
| Operating System: | ALL | |
| Steps To Reproduce: |
Expected result: command fails with "unauthorized" |
|
| Participants: |
| Description |
|
In v2.4.6, only users with the role clusterAdmin are permitted to run the listDatabases command. In recent builds (I am running against githash 19cd20cbceccfb21fd4338a2a8d5e3ad1738581d), users without the clusterAdmin role can run listDatabases if they have either the readAnyDatabase or readWriteAnyDatabase roles. The desired behavior is that from v2.4.6--readAnyDatabase or readWriteAnyDatabase should NOT provide listDatabases permission. |
| Comments |
| Comment by Andy Schwerin [ 07/Oct/13 ] |
|
This was an intentional change. |