[SERVER-12062] "userAdmin" and "userAdminAnyDatabase" are not enough to create users in "any database" Created: 12/Dec/13 Updated: 09/Jul/16 Resolved: 12/Dec/13 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | 2.4.6 |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Gabriel Petrovay | Assignee: | Unassigned |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
Mac OSX 10.9 |
||
| Operating System: | OS X |
| Steps To Reproduce: |
$ mongo mono -u admin_all -p 1234 > use another ) |
| Participants: |
| Description |
|
Having a db superuser with "userAdmin" and "userAdminAnyDatabase" is not enough to create users in other databases. In the steps to reproduce you have my example. |
| Comments |
| Comment by Gabriel Petrovay [ 12/Dec/13 ] |
|
Yes, you can close this. I did not read carefully about the admin database and the first note in this section: http://docs.mongodb.org/manual/reference/user-privileges/#any-database-roles |