<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 03:22:10 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>
    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-10063] Authenticating as 2 users on the same DB, the privileges of latest authenticated user should take effect but does not</title>
                <link>https://jira.mongodb.org/browse/SERVER-10063</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;I have users &apos;mampakha&apos; and &apos;gor&apos; (please refer to the output of db.system.users.find() in the mongo shell interaction below for privilege details) on &apos;admin&apos; database.&lt;br/&gt;
I initiate mongo shell for user &apos;mampakha&apos; authenticating against &apos;test&apos; database but connecting to &apos;admin&apos; database.&lt;br/&gt;
Now on this same shell, I authenticate as user &apos;gor&apos; using db.auth(&apos;gor&apos;, &apos;gor&apos;). This user &apos;gor&apos; has just &apos;read&apos; privilege on &apos;admin&apos; database.&lt;br/&gt;
Now I execute db.himal.insert({cat : 89890898}) (where himal is a collection on &apos;admin&apos; database) and it executes successfully. This should not have been allowed as &apos;gor&apos; has just &apos;read&apos; privilege on &apos;admin&apos; database.&lt;br/&gt;
Could you please investigate this issue?&lt;/p&gt;

&lt;p&gt;ravi@ravi-laptop:~$ mongo --port 27021 --authenticationDatabase test -u mampakha -p mampakha admin&lt;br/&gt;
MongoDB shell version: 2.4.3&lt;br/&gt;
connecting to: 127.0.0.1:27021/admin&lt;br/&gt;
&amp;gt; db&lt;br/&gt;
admin&lt;br/&gt;
&amp;gt; rs.status()&lt;/p&gt;
{ &quot;ok&quot; : 0, &quot;errmsg&quot; : &quot;unauthorized&quot; }
&lt;p&gt;&amp;gt; db.system.users.find()&lt;/p&gt;
{ &quot;_id&quot; : ObjectId(&quot;519b70680662676664e559ba&quot;), &quot;pwd&quot; : &quot;f339ed38b24579da0ede4155f512f5cb&quot;, &quot;roles&quot; : [ 	&quot;userAdminAnyDatabase&quot;, 	&quot;clusterAdmin&quot;, &quot;dbAdminAnyDatabase&quot;, 	&quot;readWriteAnyDatabase&quot; ], &quot;user&quot; : &quot;pakhandi&quot; }
{ &quot;_id&quot; : ObjectId(&quot;51c96e1484ae4576ab5cc36b&quot;), &quot;user&quot; : &quot;maloom&quot;, &quot;pwd&quot; : &quot;05185521272a43524855f972b57b27b3&quot;, &quot;roles&quot; : [ &quot;readWrite&quot; ] }
{ &quot;_id&quot; : ObjectId(&quot;51c96a1384ae4576ab5cc360&quot;), &quot;otherDBRoles&quot; : { &quot;resto&quot; : [ &quot;readWrite&quot; ] }, &quot;roles&quot; : [ &quot;userAdmin&quot;, &quot;read&quot;, &quot;readWrite&quot; ], &quot;user&quot; : &quot;mampakha&quot;, &quot;userSource&quot; : &quot;test&quot; }
{ &quot;_id&quot; : ObjectId(&quot;51cec37684ae2f40a8ef6a9b&quot;), &quot;user&quot; : &quot;gor&quot;, &quot;pwd&quot; : &quot;f5faa32210f2c4c281f375b0299069f2&quot;, &quot;roles&quot; : [ &quot;read&quot; ] }
&lt;p&gt;&amp;gt; db.auth(&apos;gor&apos;, &apos;gor&apos;)&lt;br/&gt;
1&lt;br/&gt;
&amp;gt; db.himal.insert({cat : 89890898})  //this should have failed&lt;br/&gt;
&amp;gt; &lt;/p&gt;</description>
                <environment>Ubuntu 10.04</environment>
        <key id="80778">SERVER-10063</key>
            <summary>Authenticating as 2 users on the same DB, the privileges of latest authenticated user should take effect but does not</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="9">Done</resolution>
                                        <assignee username="spencer@mongodb.com">Spencer Brody</assignee>
                                    <reporter username="rkshakya">Ravi Shakya</reporter>
                        <labels>
                    </labels>
                <created>Sat, 29 Jun 2013 12:30:30 +0000</created>
                <updated>Wed, 10 Dec 2014 23:11:05 +0000</updated>
                            <resolved>Mon, 1 Jul 2013 15:35:37 +0000</resolved>
                                    <version>2.4.3</version>
                                                    <component>Security</component>
                                        <votes>0</votes>
                                    <watches>3</watches>
                                                                                                                <comments>
                            <comment id="371693" author="spencer" created="Mon, 1 Jul 2013 15:35:26 +0000"  >&lt;p&gt;This is working as designed.&lt;/p&gt;

&lt;p&gt;You can only have 1 user logged in per database on each connection, however the user &quot;mampakha&quot; is from the &quot;test&quot; database, while the user &quot;gor&quot; is from the &quot;admin&quot; database.  We allow one connection to have multiple authentications so long as each authenticated user is from a different database.  If you want to lose the privileges acquired via the &quot;mampakha&quot; user, you&apos;ll have to log out of the &quot;test&quot; database explicitly.&lt;/p&gt;</comment>
                    </comments>
                    <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Mon, 1 Jul 2013 15:35:26 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        10 years, 33 weeks, 2 days ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>ramon.fernandez@mongodb.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            10 years, 33 weeks, 2 days ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                        <customfield id="customfield_10000" key="com.atlassian.jira.plugin.system.customfieldtypes:radiobuttons">
                        <customfieldname>Old_Backport</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10000"><![CDATA[No]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10032" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Operating System</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10026"><![CDATA[ALL]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>rkshakya</customfieldvalue>
            <customfieldvalue>spencer@mongodb.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hrmonz:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hrrf4v:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>73836</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|ht01ov:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>