[SERVER-13833] userAdminAnyDatabase role should be able to create indexes on admin.system.users and admin.system.roles Created: 05/May/14 Updated: 27/Oct/15 Resolved: 28/Jul/14 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security, Usability |
| Affects Version/s: | 2.6.1 |
| Fix Version/s: | 2.6.4, 2.7.5 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Spencer Brody (Inactive) | Assignee: | Amalia Hawkins |
| Resolution: | Done | Votes: | 0 |
| Labels: | cap-ticket-needed | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||||||
| Backwards Compatibility: | Fully Compatible | ||||||||||||||||
| Operating System: | ALL | ||||||||||||||||
| Backport Completed: | |||||||||||||||||
| Participants: | |||||||||||||||||
| Description |
| Comments |
| Comment by Githook User [ 28/Jul/14 ] |
|
Author: {u'username': u'hawka', u'name': u'Amalia Hawkins', u'email': u'amalia.hawkins@10gen.com'}Message: |
| Comment by Githook User [ 28/Jul/14 ] |
|
Author: {u'username': u'hawka', u'name': u'Amalia Hawkins', u'email': u'amalia.hawkins@10gen.com'}Message: |
| Comment by Spencer Brody (Inactive) [ 24/Jul/14 ] |
|
Yes, it should probably be able to do that too |
| Comment by Amalia Hawkins [ 24/Jul/14 ] |
|
What about dropping indexes? |
| Comment by Spencer Brody (Inactive) [ 06/May/14 ] |
|
Updating this ticket's description to reflect that userAdminAnyDatabase cannot be used with mongorestore to restore user data, as it does not have the permission to do direct inserts into admin.system.users - this is by design and adding the ability to create indexes on it won't change this. It is still probably a good idea to let userAdminAnyDatabase build indexes on admin.system.users, just to make querying the users collection easier if you have a lot of users, but it means this ticket is lower priority than originally thought. |