<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 08:06:47 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[DOCS-13039] Not able to get collection stats of config db</title>
                <link>https://jira.mongodb.org/browse/DOCS-13039</link>
                <project id="10380" key="DOCS">Documentation</project>
                    <description>&lt;h2&gt;&lt;a name=&quot;Description&quot;&gt;&lt;/a&gt;Description&lt;/h2&gt;

&lt;p&gt;&lt;b&gt;User with the following role :-&lt;/b&gt;&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;

&lt;p&gt;db.createUser({user:&quot;user15&quot;,pwd:&quot;password&quot;, roles:[&lt;/p&gt;

{role:&quot;userAdminAnyDatabase&quot;, db:&quot;admin&quot;}

&lt;p&gt;, {role:&quot;clusterMonitor&quot;, db:&quot;admin&quot;}, {role:&quot;readAnyDatabase&quot;, db:&quot;admin&quot;}, {role:&quot;read&quot;, db:&quot;config&quot;} ]})&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;

&lt;p&gt;Not able to fetch System.sessions.stats() of config db .&#160; Error -&amp;gt;&lt;/p&gt;

&lt;p&gt;&lt;b&gt;db.system.sessions.stats()&lt;/b&gt;&lt;/p&gt;

&lt;p&gt;db.system.sessions.stats(){ &quot;ok&quot; : 0, &quot;errmsg&quot; : &quot;not authorized on config to execute command { collStats: \&quot;system.sessions\&quot;, scale: undefined, lsid:&lt;/p&gt;

{ id: UUID(\&quot;48024901-b14a-4fa9-b645-ab0b24545c66\&quot;) }

&lt;p&gt;, $db: \&quot;config\&quot; }&quot;, &quot;code&quot; : 13, &quot;codeName&quot; : &quot;Unauthorized&quot;}&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;

&lt;p&gt;&#160;&lt;/p&gt;

&lt;p&gt;From which role of user , I am able to get these stats. In document , This is stated that all db&apos;s collection stats is able t fetch through &lt;b&gt;ClusterMonitor&lt;/b&gt; role . Here I have given all the necessary roles but not able to fetch the stats of config db.&lt;/p&gt;
&lt;h2&gt;&lt;a name=&quot;Scopeofchanges&quot;&gt;&lt;/a&gt;Scope of changes&lt;/h2&gt;
&lt;ul&gt;
	&lt;li&gt;Need to clarify whether roles that have demarc between &quot;All collections in &amp;lt;X&amp;gt; database&quot;&#160; and &quot;only the following system collections&quot; should actually be &quot;All non-system collections...&quot;&lt;/li&gt;
	&lt;li&gt;Generally seems like we need better guidance around how built-in roles work against system collections.&lt;/li&gt;
&lt;/ul&gt;


&lt;h2&gt;&lt;a name=&quot;ImpacttoOtherDocs&quot;&gt;&lt;/a&gt;Impact to Other Docs&lt;/h2&gt;

&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
	&lt;li&gt;Fixups in 3.6 should be forward-ported if possible. Might make more sense to start with 4.2 and backport more general refinements, making version-specific fixes where possible.
&lt;h2&gt;&lt;a name=&quot;MVP%28WorkandDate%29&quot;&gt;&lt;/a&gt;MVP (Work and Date)&lt;/h2&gt;
&lt;h2&gt;&lt;a name=&quot;Resources%28ScopeorDesignDocs%2CInvision%2Cetc.%29&quot;&gt;&lt;/a&gt;Resources (Scope or Design Docs, Invision, etc.)&lt;/h2&gt;&lt;/li&gt;
&lt;/ul&gt;
</description>
                <environment>MongoDB 3.6.3 version.&lt;br/&gt;
&lt;br/&gt;
&lt;a href=&quot;https://docs.mongodb.com/v3.6/reference/built-in-roles/#cluster-administration-roles&quot;&gt;https://docs.mongodb.com/v3.6/reference/built-in-roles/#cluster-administration-roles&lt;/a&gt;</environment>
        <key id="932583">DOCS-13039</key>
            <summary>Not able to get collection stats of config db</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="12300">Won&apos;t Do</resolution>
                                        <assignee username="-1">Unassigned</assignee>
                                    <reporter username="rmahor06@gmail.com">rahul mahor</reporter>
                        <labels>
                            <label>docs-investigating</label>
                            <label>docs-security</label>
                    </labels>
                <created>Thu, 19 Sep 2019 10:18:00 +0000</created>
                <updated>Mon, 30 Oct 2023 20:34:38 +0000</updated>
                                            <version>3.6.6</version>
                                    <fixVersion>Server_Docs_20231030</fixVersion>
                                    <component>manual</component>
                        <due></due>
                            <votes>0</votes>
                                    <watches>5</watches>
                                                                                                                <comments>
                            <comment id="4940428" author="edu.bot" created="Mon, 31 Oct 2022 16:05:16 +0000"  >&lt;p&gt;Hello! This ticket has been closed due to inactivity. If you believe this ticket is still important, please reopen it and leave a comment to explain why. Thank you!&lt;/p&gt;</comment>
                            <comment id="2425226" author="ravind.kumar" created="Thu, 19 Sep 2019 13:57:07 +0000"  >&lt;p&gt;Hi &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=rmahor06%40gmail.com&quot; class=&quot;user-hover&quot; rel=&quot;rmahor06@gmail.com&quot;&gt;rmahor06@gmail.com&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;I think this might be an issue with how we have worded our documentation, unfortunately.&lt;/p&gt;

&lt;p&gt;Looking at &lt;a href=&quot;https://docs.mongodb.com/v3.6/reference/built-in-roles/#clusterMonitor&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;the 3.6 docs for &lt;tt&gt;clusterMonitor&lt;/tt&gt;&lt;/a&gt; , the table has two separations:&lt;/p&gt;

&lt;ul&gt;
	&lt;li&gt;&quot;All collections in the *&lt;b&gt;config&lt;/b&gt; database&quot;&lt;/li&gt;
	&lt;li&gt;&lt;tt&gt;system.indexes&lt;/tt&gt;, &lt;tt&gt;system.js&lt;/tt&gt;. &lt;tt&gt;system.namespace&lt;/tt&gt; collections&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;I have to double check, but I wonder if we generally do &lt;b&gt;not&lt;/b&gt; provide access to &lt;tt&gt;system.x&lt;/tt&gt; collections outside of the listed collections for the &lt;tt&gt;clusterMonitor&lt;/tt&gt; built in role. That is, the first block should be &quot;All non-system collections in the *&lt;b&gt;config&lt;/b&gt;* database&quot;. That would, I think, make sense as we often treat &lt;tt&gt;system&lt;/tt&gt; collections more carefully given their internal importance.&lt;/p&gt;

&lt;p&gt;Thank you for bringing this to our attention. In the meantime, I would suggest explicitly adding the &lt;tt&gt;read&lt;/tt&gt; built-in role against the &lt;tt&gt;system.sessions&lt;/tt&gt; collection. Try to add a role that specifies both the database and the collection as per &lt;a href=&quot;https://docs.mongodb.com/v3.6/reference/resource-document/#specify-a-collection-of-a-database-as-resource&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;this example&lt;/a&gt;. &lt;/p&gt;

&lt;p&gt;While you have {&lt;tt&gt;role : &quot;read&quot;, db: &quot;config&quot;&lt;/tt&gt;} in your user role assignments, we do state the following:&lt;/p&gt;

&lt;blockquote&gt;&lt;p&gt;Each of MongoDB&#8217;s built-in roles defines access at the database level for all non-system collections in the role&#8217;s database and at the collection level for all system collections.&lt;/p&gt;&lt;/blockquote&gt;

&lt;p&gt;I think what is implied here (and will need to be clarified) is that assigning a role at the database level provides access to all non-&lt;tt&gt;system&lt;/tt&gt; collections in that database. For &lt;tt&gt;system&lt;/tt&gt; collections, you must assign the role at the collection level. I need to verify this, however.&lt;/p&gt;</comment>
                    </comments>
                    <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Thu, 19 Sep 2019 13:57:07 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        1 year, 14 weeks, 2 days ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>false</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>emet.ozar@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            1 year, 14 weeks, 2 days ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                            <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>edu.bot</customfieldvalue>
            <customfieldvalue>rmahor06@gmail.com</customfieldvalue>
            <customfieldvalue>ravind.kumar</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hvr7c7:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hvfuhr:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hvqtlj:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                </customfields>
    </item>
</channel>
</rss>