[SERVER-11234] mongo 2.4 USer privileges Roles to do a 'show dbs' Created: 17/Oct/13 Updated: 10/Dec/14 Resolved: 14/Nov/13 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | 2.4.4 |
| Fix Version/s: | None |
| Type: | Question | Priority: | Major - P3 |
| Reporter: | MOISAN Benoît | Assignee: | J Rassi |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
mongo 2.4 on ubuntu 12.04 LTS |
||
| Participants: |
| Description |
|
Hi, as ther CSP:PRIMARY> db.addUser( { user: "csp_ro", pwd: "csp_ro", roles: [ "readWrite","clusterAdmin" ] } ) at src/mongo/shell/mongo.js:L46 But the user csp_ro doesn't have roles to do a show dbs. Is it Normal? |
| Comments |
| Comment by J Rassi [ 25/Oct/13 ] |
|
Yes. The shell and drivers all perform the same authentication process, so a user's privileges on the server after logging in will be the same. Make sure you are authenticating against the correct database. |
| Comment by MOISAN Benoît [ 18/Oct/13 ] |
|
your solution seems to be ok from the shell. 'show dbs works'... But unfortunately, i've still an error from my ruby client DrowsyDromedary/ respond : Database command 'listDatabases' failed last question... Is it the same role if i want to do a listDatabases from a client like ruby or php? |
| Comment by J Rassi [ 17/Oct/13 ] |
|
Yes. In MongoDB 2.4, either:
|
| Comment by MOISAN Benoît [ 17/Oct/13 ] |
|
So, what is the solution to have a specific user on a database (for me user cso_ro on database CSP2) who can do a 'show dbs'? |
| Comment by J Rassi [ 17/Oct/13 ] |
|
You tried to create the user with the clusterAdmin role on the CSP database. The clusterAdmin role can only be granted to users on the admin database. |