[SERVER-8327] Possible to create user with invalid role. Created: 24/Jan/13  Updated: 08/Mar/13  Resolved: 15/Feb/13

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: 2.3.2
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: Spencer Brody (Inactive) Assignee: Spencer Brody (Inactive)
Resolution: Won't Fix Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
related to SERVER-8597 Authenticating as a user that has a n... Closed
Operating System: ALL
Participants:

 Description   

db.addUser({user:'admin', pwd:'password', roles:['nonsenseRole']})

succeeds and inserts the document into system.users. Authenticating with that user will also succeed, though no privileges will be granted (in the logs there's a message "Privilege acquisition failed for admin@admin in database admin: No such role, nonsenseRole, in database admin (BadValue)")


Generated at Thu Feb 08 03:17:08 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.