[SERVER-11424] collStats and dbStats should work for a user with the clusterMonitor role

Created: 28/Oct/13
Updated: 11/Jul/16
Resolved: 29/Oct/13

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: 2.5.4

Type: Bug
Priority: Minor - P4
Reporter: David Storch
Assignee: Spencer Brody (Inactive)
Resolution: Done
Votes: 0
Labels: 26qa

Issue Links:
Related: is related to SERVER-9514 System-defined roles (Closed)
Backwards Compatibility: Fully Compatible
Operating System: ALL

 Description   

Expected: A user who has only the clusterMonitor role should be authorized to run the collStats and dbStats commands.

Actual: access denied

Here is the test output that detects this failure:

----
collStats: expected authorization success but received {
	"ok" : 0,
	"errmsg" : "not authorized on roles_commands_1 to execute command { collStats: \"bar\", scale: 1.0 }",
	"code" : 13
} on db roles_commands_1 with role clusterMonitor
----
 
----
collStats: expected authorization success but received {
	"ok" : 0,
	"errmsg" : "not authorized on roles_commands_2 to execute command { collStats: \"bar\", scale: 1.0 }",
	"code" : 13
} on db roles_commands_2 with role clusterMonitor
----
 
----
dbStats: expected authorization success but received {
	"ok" : 0,
	"errmsg" : "not authorized on roles_commands_1 to execute command { dbStats: 1.0, scale: 1024.0 }",
	"code" : 13
} on db roles_commands_1 with role clusterMonitor
----
 
----
dbStats: expected authorization success but received {
	"ok" : 0,
	"errmsg" : "not authorized on roles_commands_2 to execute command { dbStats: 1.0, scale: 1024.0 }",
	"code" : 13
} on db roles_commands_2 with role clusterMonitor
----

The test jstests/auth/commands.js does not detect this failure because in these two tests the "clusterMonitor" role is misspelled as "monitor" (see here and here).

This problem was created as part of the change that first split the clusterAdmin role into clusterManager, hostManager, and clusterMonitor (git revision 878f2da2f8e87dac0f6b34a97a393576e4d8ff99 and SERVER-9514).
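
The masking effect described above, as an added example that is not part of the original report or of jstests/auth/commands.js: a role-by-command expectation table that misspells the role agrees with a server that denies it, so the harness reports nothing, while a check of the table's role names against the roles under test catches the typo. The table shape, `KNOWN_ROLES`, `serverAllows`, `mismatches` and `unknownRoles` are assumed names for illustration.

```javascript
// Added example. The table shape, KNOWN_ROLES and serverAllows() are constructed
// for illustration; they are not copied from jstests/auth/commands.js.
const KNOWN_ROLES = ["clusterAdmin", "clusterManager", "hostManager", "clusterMonitor"];

// Each test lists the roles expected to be authorized; "monitor" is the misspelling.
const TYPO_TESTS = [
  { name: "collStats", allowedRoles: ["monitor"] },
  { name: "dbStats", allowedRoles: ["monitor"] },
];

// Constructed stand-in for the pre-fix server: it denies every (role, command)
// pair, which covers the clusterMonitor denials reported in this ticket.
function serverAllows(role, command) {
  return false;
}

// Compare expected and actual authorization for every (role, command) pair.
function mismatches(tests, roles, allows) {
  const out = [];
  for (const t of tests) {
    for (const role of roles) {
      const expected = t.allowedRoles.includes(role);
      const actual = allows(role, t.name);
      if (expected !== actual) out.push({ test: t.name, role, expected, actual });
    }
  }
  return out;
}

// Guard: every role named in the table must be a role the harness iterates over.
function unknownRoles(tests, roles) {
  const known = new Set(roles);
  return tests.flatMap((t) =>
    t.allowedRoles.filter((r) => !known.has(r)).map((r) => ({ test: t.name, role: r })));
}

// Same table with the role name corrected.
const FIXED_TESTS = TYPO_TESTS.map((t) => ({
  ...t,
  allowedRoles: t.allowedRoles.map((r) => (r === "monitor" ? "clusterMonitor" : r)),
}));

console.log("typo table mismatches:", mismatches(TYPO_TESTS, KNOWN_ROLES, serverAllows).length);
console.log("unknown role names:", unknownRoles(TYPO_TESTS, KNOWN_ROLES));
console.log("fixed table mismatches:", mismatches(FIXED_TESTS, KNOWN_ROLES, serverAllows));
```

Running the name check before the matrix turns a silently skipped expectation into a hard failure.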



 Comments   
Comment by auto [ 29/Oct/13 ]

Author: Spencer T Brody (stbrody) <spencer@10gen.com>

Message: SERVER-11424 Fix clusterMonitor role to be able to run collStats and dbStats
Branch: master
https://github.com/mongodb/mongo/commit/866c51bf79610d8406c5016dd55bf28486201be2
