Steps To Reproduce:
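- Create two users: one with the restore role and one with the readWriteAnyDatabase role.
- As each user, attempt an insert into system.js with bypassDocumentValidation: true.
- If auth is enabled, one insert should succeed and the other will fail: in the session below, the restore user (dave) succeeds and the readWriteAnyDatabase user (pj) is rejected with code 13 (Unauthorized).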
> db.createUser({user: "ted", pwd: "ted", roles: [{role: "root", db: "admin"}]})
|
Successfully added user: {
|
"user" : "ted",
|
"roles" : [
|
{
|
"role" : "root",
|
"db" : "admin"
|
}
|
]
|
}
|
> db.auth("ted", "ted")
|
1
|
> db.createUser({user: "dave", pwd: "dave", roles: [{role: "restore", db: "admin"}]})
Successfully added user: {
|
"user" : "dave",
|
"roles" : [
|
{
|
"role" : "restore",
|
"db" : "admin"
|
}
|
]
|
}
|
> db.createUser({user: "pj", pwd: "pj", roles: [{role: "readWriteAnyDatabase", db: "admin"}]})
|
Successfully added user: {
|
"user" : "pj",
|
"roles" : [
|
{
|
"role" : "readWriteAnyDatabase",
|
"db" : "admin"
|
}
|
]
|
}
|
> db.auth("dave","dave")
|
1
|
> use test
|
switched to db test
|
> db.runCommand({insert:"system.js", documents:[{_id:"func2", value:function(k){return k;}}], bypassDocumentValidation: true})
|
{ "n" : 1, "ok" : 1 }
|
> use admin
|
switched to db admin
|
> db.auth("pj","pj")
|
1
|
> use test
|
switched to db test
|
> db.runCommand({insert:"system.js", documents:[{_id:"func3", value:function(k){return k;}}], bypassDocumentValidation: true})
|
{
|
"ok" : 0,
|
"errmsg" : "not authorized on test to execute command { insert: \"system.js\", bypassDocumentValidation: true, lsid: { id: UUID(\"993eb0b0-3859-4113-9829-03cdbd30db3d\") }, $db: \"test\" }",
|
"code" : 13,
|
"codeName" : "Unauthorized"
|
}
|
|
|