[SERVER-11381] grantPrivilegesToRole and revokePrivilegesFromRole should reject empty 'privileges' argument Created: 25/Oct/13  Updated: 30/Oct/15  Resolved: 26/Nov/13

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: 2.5.3
Fix Version/s: 2.5.5

Type: Bug Priority: Major - P3
Reporter: Samantha Ritter (Inactive) Assignee: Spencer Brody (Inactive)
Resolution: Done Votes: 0
Labels: 26qa
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
Operating System: ALL
Participants:

 Description   

> db.runCommand(

{ grantPrivilegesToRole: "roleName", privileges: [] }

)
> db.runCommand(

{ revokePrivilegesFromRole: "roleName", privileges: [] }

)

expect commands to fail, because 'privileges' array is empty. Instead, get

{ "ok" : 1 }

This is a bug for the sake of consistency with other role-related commands. For example, the grantRoleToRole() and grantRoleToUser() commands will fail if you pass an empty 'roles' array to either. These commands require at least one specified granted role in order to succeed.



 Comments   
Comment by Githook User [ 26/Nov/13 ]

Author:

{u'username': u'stbrody', u'name': u'Spencer T Brody', u'email': u'spencer@10gen.com'}

Message: SERVER-11381 Make grant/revokePrivilegesFromRole commands reject empty 'privileges' array
Branch: master
https://github.com/mongodb/mongo/commit/4794dea52363a8e5be65648f69d7f98421666964

Generated at Thu Feb 08 03:25:39 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.