[SERVER-66238] Unable to view system.views on mongos Created: 05/May/22 Updated: 17/May/22 |
|
| Status: | Investigating |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Julia Ruddy (Inactive) | Assignee: | Julia Ruddy (Inactive) |
| Resolution: | Unresolved | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||
| Operating System: | ALL | ||||
| Steps To Reproduce: |
|
||||
| Sprint: | Security 2022-05-30 | ||||
| Participants: | |||||
| Description |
|
For a sharded cluster with auth enabled, running any operation on system.views results in an authentication error despite being connected as a user with the following roles: { "role" : "backup", "db" : "admin" }, , , ,
Additionally, when I run show collections on a database with views, the system.views collection is not shown. This behavior differs from that of a replica set. When I create a replica set with auth and authenticate as a user with the same roles as above, I see the system.views collection and am able to run operations on the collection accordingly. Is this difference in behavior between mongos and mongod intentional? |
| Comments |
| Comment by Sara Golemon [ 17/May/22 ] |
|
julia.ruddy@mongodb.com I'm not seeing the behavior you describe in my attempts to reproduce based on the information you provided: https://github.com/10gen/mongo/commit/5c022b45fc2e492d14305b3b6305994d6ae7fa9d I'm getting the expected "Unauthorized to run find on test.system.views" exception for standalone, replset, and sharding. Could you take a look at my test case and advice where I'm diverging from yours? Or perhaps provide your own repro script? |
| Comment by Chris Kelly [ 10/May/22 ] |
|
Issue appears to be related to authentication on mongos. In
|