[SERVER-28449] "Root" role does not have permissions to recreate oplog Created: 23/Mar/17 Updated: 27/Oct/23 Resolved: 11/Apr/17 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Dharshan Rangegowda | Assignee: | Mark Agarunov |
| Resolution: | Works as Designed | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||
| Operating System: | ALL | ||||||||||||
| Participants: | |||||||||||||
| Description |
|
I am running into an issue with the 3.2.12 server I have a user with 'root' role that is not able to recreate the oplog ( in order to scale up the size of the oplog)
If the user is granted readWrite on the local DB then it starts to work
Is this expected? I would expect the 'root' role to be a superset of all the permissions. |
| Comments |
| Comment by Mark Agarunov [ 11/Apr/17 ] |
|
Hello dharshanr@scalegrid.net, Thank you for the report. As you noted, with a permission of readWrite on the local database this will work. This intentional and is due to a separation of privileges. The root role is a super-set of permissions affecting user data specifically, not system data, therefore the permissions must be explicitly granted to perform operations on local. Please note that SERVER project is for reporting bugs or feature suggestions for the MongoDB server. For MongoDB-related support discussion please post on the mongodb-user group or Stack Overflow with the mongodb tag. A question like this involving more discussion would be best posted on the mongodb-user group. Thanks, |