[SERVER-11312] reIndex command fails with user-defined roles Created: 22/Oct/13  Updated: 11/Jul/16  Resolved: 24/Oct/13

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: 2.5.4

Type: Bug Priority: Major - P3
Reporter: David Storch Assignee: David Storch
Resolution: Done Votes: 0
Labels: 26qa
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Gantt Dependency
Operating System: ALL
Participants:

 Description   

Create a user with a single role that has the following privilege:

{ resource: {db: "test", collection: "x"}, actions: ["reIndex"] }

If the user tries to reIndex collection "x", the command fails as shown below:

> db.runCommand({reIndex: "x"})
{
	"nIndexesWas" : 1,
	"msg" : "indexes dropped for collection",
	"errmsg" : "exception: invalid ns to index",
	"code" : 10096,
	"ok" : 0
}

On the other hand, if the user has the dbAdmin role, then the command works just fine:

> db.x.save({})
> db.runCommand({
... createUser: "testUser",
... pwd: "password",
... roles: ["dbAdmin"]
... })
{ "ok" : 1 }
> db.auth("testUser", "password")
1
> db.runCommand({reIndex: "x"})
{
	"nIndexesWas" : 1,
	"msg" : "indexes dropped for collection",
	"nIndexes" : 1,
	"indexes" : [
		{
			"key" : {
				"_id" : 1
			},
			"ns" : "test.x",
			"name" : "_id_"
		}
	],
	"ok" : 1
}



 Comments   
Comment by David Storch [ 24/Oct/13 ]

Yup, this was fixed by revision 2b16aca77cbd4486d780e21636b7043733e12765. Resolving.

Comment by Spencer Brody (Inactive) [ 23/Oct/13 ]

david.storch I cannot reproduce this. I think it may have been fixed by https://github.com/mongodb/mongo/commit/2b16aca77cbd4486d780e21636b7043733e12765. Can you re-test and see if you still see this?

Generated at Thu Feb 08 03:25:27 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.