[SERVER-30398] setFeatureCompatibilityVersion shouldn't disable custom roles Created: 28/Jul/17  Updated: 30/Oct/23  Resolved: 30/Jul/17

Status: Closed
Project: Core Server
Component/s: Internal Code
Affects Version/s: None
Fix Version/s: 3.5.11

Type: Bug Priority: Major - P3
Reporter: Spencer Jackson Assignee: Sara Golemon
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Depends
is depended on by SERVER-29182 Add restriction support to the usersInfo Closed
Backwards Compatibility: Fully Compatible
Operating System: ALL
Sprint: Platforms 2017-07-31
Participants:

 Description   

setFeatureCompatibilityVersion issues a collMod to admin.system.roles. The AuthorizationManager receives a notification of this event, but is unable to understand what it means for the semantics of the collection. This results in the following error message:

2017-07-27T18:18:35.908-0400 E ACCESS   [conn1] Unsupported modification to roles collection in oplog; restart this process to reenable user-defined roles; OplogOperationUnsupported: Unsupported oplog operation; Oplog entry: { op: "c", ns: "admin.$cmd", o: { collMod: "system.roles" } }

After this point, privileges provided by custom roles no longer propagate to users.



 Comments   
Comment by Githook User [ 31/Jul/17 ]

Author:

{'email': 'mark.benvenuto@mongodb.com', 'username': 'markbenvenuto', 'name': 'Mark Benvenuto'}

Message: SERVER-30398 Fix Lint
Branch: master
https://github.com/10gen/mongo-enterprise-modules/commit/cbb76b6337849909d46408bcfa34971cad38ce32

Comment by Sara Golemon [ 30/Jul/17 ]

https://github.com/mongodb/mongo/commit/238cc884e33d67bbfea7a1a93d2f19b1922de675

Comment by Githook User [ 30/Jul/17 ]

Author:

{'email': 'sara.golemon@mongodb.com', 'username': 'sgolemon', 'name': 'Sara Golemon'}

Message: SERVER-30398 Add jstests for auditing

AuditEvents checked:

Comment by Githook User [ 30/Jul/17 ]

Author:

{'email': 'sara.golemon@mongodb.com', 'username': 'sgolemon', 'name': 'Sara Golemon'}

Message: SERVER-30398 setFeatureCompatibilityVersion shouldn't disable custom roles
Branch: master
https://github.com/mongodb/mongo/commit/238cc884e33d67bbfea7a1a93d2f19b1922de675

Generated at Thu Feb 08 04:23:40 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.