[SERVER-8597] Authenticating as a user that has a non-existent role prevents acquiring any privileges, even if that user has other valid roles Created: 15/Feb/13  Updated: 11/Jul/16  Resolved: 16/Feb/13

Status: Closed
Project: Core Server
Component/s: Security
Affects Version/s: None
Fix Version/s: 2.4.0-rc1

Type: Bug Priority: Major - P3
Reporter: Spencer Brody (Inactive) Assignee: Spencer Brody (Inactive)
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
is related to SERVER-8327 Possible to create user with invalid ... Closed
Backwards Compatibility: Fully Compatible
Operating System: ALL
Participants:

 Description   

You should still be able to authenticate to a user with an invalid role (could be important for future upgrade paths to a version with more, or user-defined, roles). We should just skip the invalid role and continue acquiring privileges for any other valid roles in that user's privilege document.



 Comments   
Comment by auto [ 16/Feb/13 ]

Author:

{u'date': u'2013-02-16T02:28:31Z', u'name': u'Spencer T Brody', u'email': u'spencer@10gen.com'}

Message: SERVER-8597 Fix AuthorizationManager unit test now that invalid roles no longer prevent privilege acquisition
Branch: master
https://github.com/mongodb/mongo/commit/1bd8b84c64214356f482fa3164d88e664f585243

Comment by auto [ 16/Feb/13 ]

Author:

{u'date': u'2013-02-15T23:34:47Z', u'name': u'Spencer T Brody', u'email': u'spencer@10gen.com'}

Message: SERVER-8597 The presence of invalid roles shouldn't prevent privilege acquisition from valid roles
Branch: master
https://github.com/mongodb/mongo/commit/711cd9fc6e2cb95dfc0803ec8487c17d0a530b04

Generated at Thu Feb 08 03:17:52 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.