[SERVER-27755] Unable to change own password of non-admin user
Created: 19/Jan/17 Updated: 20/Jan/17 Resolved: 20/Jan/17
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Sumanta Dutta | Assignee: | Mark Agarunov |
| Resolution: | Done | Votes: | 0 |
| Labels: | None |
| Remaining Estimate: | Not Specified |
| Time Spent: | Not Specified |
| Original Estimate: | Not Specified |
| Operating System: | ALL |
| Steps To Reproduce: | Thanks! |
| Participants: |
| Description |
|
1. I created a role with changeOwnPassword privilege
2. I granted the role to non-admin read-only user
3. Tried to change password without luck. I hope it’s not expecting readWrite.
BTW, we are using the following versions - MongoDB shell version: 3.2.5, MongoS version 3.2.5

Thanks!
| Comments |
| Comment by Sumanta Dutta [ 20/Jan/17 ] |
|
Hi Mark,

Thanks for responding. I posted the same on user group 2 days before filing

Regarding using db and collection as "", I thought I tried that as well,

Thanks,
| Comment by Mark Agarunov [ 20/Jan/17 ] |
|
Hello suduttaus, Thank you for the report. Looking over the output you have provided, this looks like it may be a misconfiguration of the role permissions. I see you have the resource set to cluster:
The cluster resource provides permissions to cluster management related resources, not to all databases in the cluster. The resource for this action type would have to be the admin database, or more permissively, leave the database empty. For example:
OR
Please note that the SERVER project is for reporting bugs or feature suggestions for the MongoDB server. For MongoDB-related support discussion please post on the mongodb-user group or Stack Overflow with the mongodb tag. A question like this involving more discussion would be best posted on the mongodb-user group.

Thanks,
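
The resource scoping described in the comment above, as an added example that is not part of the ticket and not MongoDB's own code: a Node.js check over a role document (assumed to be shaped like the output of `db.getRole(name, { showPrivileges: true })`) that flags `changeOwnPassword` granted on the cluster resource and moves the grant onto the `admin` database or, permissively, the empty database name. The role name `pwdChanger` and the sample document are constructed.

```javascript
// Added example; role documents are constructed, shaped like the output of
// db.getRole(name, { showPrivileges: true }).
const ACTION = "changeOwnPassword";

// Name the scope a privilege's resource document covers.
function scopeOf(resource) {
  if (resource && resource.cluster === true) return "cluster";
  if (!resource || typeof resource.db !== "string") return "unknown";
  if (resource.db === "") return "any-database";
  return resource.db === "admin" ? "admin" : "database:" + resource.db;
}

// List every grant of ACTION and whether its resource is one the comment
// accepts (the admin database, or an empty database name).
function auditRole(role) {
  return (role.privileges || [])
    .filter((p) => (p.actions || []).includes(ACTION))
    .map((p) => {
      const scope = scopeOf(p.resource);
      return { role: role.role, scope, ok: scope === "admin" || scope === "any-database" };
    });
}

// Return a privileges array with ACTION moved off the cluster resource and
// onto a database resource; other cluster actions stay where they were.
function fixPrivileges(role, permissive = false) {
  const out = [];
  let moved = false;
  for (const p of role.privileges || []) {
    if (scopeOf(p.resource) === "cluster" && (p.actions || []).includes(ACTION)) {
      moved = true;
      const rest = p.actions.filter((a) => a !== ACTION);
      if (rest.length) out.push({ resource: p.resource, actions: rest });
    } else {
      out.push(p);
    }
  }
  if (moved) out.push({ resource: { db: permissive ? "" : "admin", collection: "" }, actions: [ACTION] });
  return out;
}

// Constructed sample reproducing the reported misconfiguration.
const reported = {
  role: "pwdChanger", db: "admin",
  privileges: [{ resource: { cluster: true }, actions: ["changeOwnPassword"] }],
};
console.log(auditRole(reported));
console.log(JSON.stringify(fixPrivileges(reported)));
```

The array returned by `fixPrivileges` is what would be passed as the `privileges` field of a role update; a grant scoped to any other database is reported with `ok: false` for manual review, since the comment names only the two accepted resources.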