[SERVER-7881] Re-enable jstests/sharding/authCommands2.js Created: 07/Dec/12 Updated: 11/Jul/16 Resolved: 10/Dec/12 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | Security, Sharding |
| Affects Version/s: | None |
| Fix Version/s: | 2.3.2 |
| Type: | Task | Priority: | Major - P3 |
| Reporter: | Spencer Brody (Inactive) | Assignee: | Spencer Brody (Inactive) |
| Resolution: | Done | Votes: | 0 |
| Labels: | buildbot | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Participants: |
| Description |
|
I temporarily disabled authCommands2.js to get BB passing. The reason that it's failing is because in our existing auth system there are read-only admin commands (and read-only admin users), but in the new auth system the "admin" commands are commands that are granted by the serverAdmin and clusterAdmin roles. Those roles have no distinction between read-only and read-write, so we only grant serverAdmin and clusterAdmin to read-write admin users from old-style privilege documents. We probably need to split the serverAdmin and clusterAdmin roles into read-only and read-write groupings internally (we don't need to surface that division to users of new-style privilege documents) to correctly support old-style privilege documents in a backwards compatible way. Once we've done that we should turn authCommands2.js back on. |
| Comments |
| Comment by auto [ 10/Dec/12 ] |
|
Author: {u'date': u'2012-12-10T18:29:16Z', u'email': u'spencer@10gen.com', u'name': u'Spencer T Brody'}Message: |
| Comment by auto [ 07/Dec/12 ] |
|
Author: {u'date': u'2012-12-07T22:59:19Z', u'email': u'spencer@10gen.com', u'name': u'Spencer T Brody'}Message: |