[SERVER-11385] grantPrivilegesToRole and revokePrivilegesFromRole should reject privileges with no actions
Created: 25/Oct/13  Updated: 11/Jul/16  Resolved: 26/Nov/13

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: 2.5.3
Fix Version/s: 2.5.5

Type: Bug Priority: Major - P3
Reporter: Samantha Ritter (Inactive) Assignee: Spencer Brody (Inactive)
Resolution: Done Votes: 0
Labels: 26qa
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
Operating System: ALL
Participants:

 Description   

> var noActionsPriv = { resource: { db: "", collection: "" }, actions: [] };
> db.runCommand({ grantPrivilegesToRole: "roleName", privileges: [ noActionsPriv ] });
> db.runCommand({ revokePrivilegesFromRole: "roleName", privileges: [ noActionsPriv ] });

This is a bug for the sake of consistency with other privilege-related commands. For example, the createRole() command will fail if you pass in a privilege with an empty 'actions' array. These commands require at least one specified action in order to succeed.
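The rule described above, written as a client-side check; this is an added example and not code from the ticket or from the MongoDB server. It validates a grant/revoke command document before it is sent and audits the reply of `{ rolesInfo: 1, showPrivileges: true }` for privileges that grant no actions. The function names and the sample reply are assumptions constructed for illustration, and whether an affected server actually stored such an entry is not stated on this page.

```javascript
// Added example: returns an error string when a privilege document has no
// usable 'actions' list, or null when the list has at least one action.
function privilegeError(priv) {
  if (priv === null || typeof priv !== "object") return "privilege is not a document";
  if (!Array.isArray(priv.actions)) return "'actions' must be an array";
  if (priv.actions.length === 0) return "'actions' must list at least one action";
  if (!priv.actions.every(a => typeof a === "string" && a.length > 0))
    return "'actions' entries must be non-empty strings";
  return null;
}

// Pre-flight for grantPrivilegesToRole / revokePrivilegesFromRole command
// documents: returns [{ index, error }] for every offending privilege.
function checkPrivilegeCommand(cmd) {
  const privs = Array.isArray(cmd.privileges) ? cmd.privileges : [];
  return privs
    .map((p, index) => ({ index, error: privilegeError(p) }))
    .filter(r => r.error !== null);
}

// Audit: given the reply of { rolesInfo: 1, showPrivileges: true },
// list privileges on each role that fail the same check.
function findEmptyPrivileges(rolesInfoReply) {
  const hits = [];
  for (const role of rolesInfoReply.roles || []) {
    (role.privileges || []).forEach((p, index) => {
      if (privilegeError(p) !== null)
        hits.push({ role: role.role, db: role.db, index, resource: p.resource });
    });
  }
  return hits;
}

// noActionsPriv is the document from the ticket; sampleReply is constructed.
const noActionsPriv = { resource: { db: "", collection: "" }, actions: [] };
const sampleReply = { ok: 1, roles: [
  { role: "roleName", db: "test", privileges: [
    { resource: { db: "test", collection: "" }, actions: ["find"] },
    noActionsPriv ] },
  { role: "reader2", db: "test", privileges: [
    { resource: { db: "test", collection: "c" }, actions: ["find", "insert"] } ] } ] };

console.log(checkPrivilegeCommand(
  { grantPrivilegesToRole: "roleName", privileges: [noActionsPriv] }));
console.log(findEmptyPrivileges(sampleReply));
```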



 Comments   
Comment by Githook User [ 26/Nov/13 ]

Author: Spencer T Brody (stbrody) <spencer@10gen.com>

Message: SERVER-11385 Make grant/revokePrivilegesFromRole command reject privileges with empty 'actions' list
Branch: master
https://github.com/mongodb/mongo/commit/8ac29783efce6e5caa595afffb65767d278fd53f
