<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Thu Feb 08 04:09:48 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[SERVER-25655] mongodb permission issues</title>
                <link>https://jira.mongodb.org/browse/SERVER-25655</link>
                <project id="10000" key="SERVER">Core Server</project>
                    <description>&lt;p&gt;Hey Guys&lt;/p&gt;

&lt;p&gt;I have been observing some strange permissions related behaviour in mongodb.  &lt;/p&gt;
&lt;ol&gt;
	&lt;li&gt;use db01&lt;/li&gt;
	&lt;li&gt;create user01 with dbOwner role on db01&lt;/li&gt;
	&lt;li&gt;login as user01&lt;/li&gt;
	&lt;li&gt;db.testData.insert({&quot;state&quot;: 1})&lt;/li&gt;
	&lt;li&gt;use db02&lt;/li&gt;
	&lt;li&gt;create user02 with dbOwner role on db02&lt;/li&gt;
	&lt;li&gt;login as user02&lt;/li&gt;
	&lt;li&gt;use db01&lt;/li&gt;
	&lt;li&gt;show collections&lt;/li&gt;
&lt;/ol&gt;


&lt;p&gt;What you should see:&lt;/p&gt;
&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
	&lt;li&gt;error you do not have permissions to access db01&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;What you actually see:&lt;/p&gt;
&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
	&lt;li&gt;user02 seems to be able to list the tables / collections on db01 without any issues&lt;/li&gt;
&lt;/ul&gt;
</description>
                <environment></environment>
        <key id="309535">SERVER-25655</key>
            <summary>mongodb permission issues</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="3">Duplicate</resolution>
                                        <assignee username="-1">Unassigned</assignee>
                                    <reporter username="michael.qiu@wdtl.com">asdf01</reporter>
                        <labels>
                    </labels>
                <created>Wed, 17 Aug 2016 03:16:44 +0000</created>
                <updated>Sun, 11 Sep 2016 21:47:22 +0000</updated>
                            <resolved>Fri, 9 Sep 2016 21:04:56 +0000</resolved>
                                    <version>3.0.12</version>
                                                    <component>Admin</component>
                                        <votes>0</votes>
                                    <watches>4</watches>
                                                                                                                <comments>
                            <comment id="1381384" author="michael.qiu@wdtl.com" created="Sun, 11 Sep 2016 21:47:22 +0000"  >&lt;p&gt;Hi @thomas.schubert&lt;/p&gt;

&lt;p&gt;Thanks for your diligence on this issue.  &lt;/p&gt;

&lt;p&gt;You might be right, the cause of these 2 issues might be the same.  &lt;/p&gt;

&lt;p&gt;&amp;gt;  This can be achieved easily using user-defined roles,&lt;br/&gt;
Although the description in the other ticket makes the issue sound slightly more edge case.  Whereas in my scenario, I had the symptom with one of the built in roles, dbOwner.  Thanks.&lt;/p&gt;
</comment>
                            <comment id="1380970" author="thomas.schubert" created="Fri, 9 Sep 2016 21:04:56 +0000"  >&lt;p&gt;Hi &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=michael.qiu%40wdtl.com&quot; class=&quot;user-hover&quot; rel=&quot;michael.qiu@wdtl.com&quot;&gt;michael.qiu@wdtl.com&lt;/a&gt;,&lt;/p&gt;

&lt;p&gt;Thank you for your feedback. I understand that it takes time to construct clear reproduction steps and appreciate the time you took to open this ticket. I have taken another look, and believe that the issue you describe is a duplicate of &lt;a href=&quot;https://jira.mongodb.org/browse/SERVER-25804&quot; title=&quot;The listCollections command does not take the user&amp;#39;s permissions into account&quot; class=&quot;issue-link&quot; data-issue-key=&quot;SERVER-25804&quot;&gt;&lt;del&gt;SERVER-25804&lt;/del&gt;&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;Sorry for the confusion,&lt;br/&gt;
Thomas&lt;/p&gt;</comment>
                            <comment id="1377803" author="michael.qiu@wdtl.com" created="Tue, 6 Sep 2016 22:03:55 +0000"  >&lt;p&gt;Hi @thomas.schubert.  Thanks for following up on this issue.  Please feel free to close this issue.  I am not prepared to spend any more time with mongodb support.  Most of my interactions with mongodb support have been unproductive and painful.  I can&apos;t be any clearer with the reproduction steps without feeling the need to prepare bibs and an airplane shaped spoon.  All the best with everything else. &lt;/p&gt;</comment>
                            <comment id="1377577" author="thomas.schubert" created="Tue, 6 Sep 2016 18:44:02 +0000"  >&lt;p&gt;Hi &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=michael.qiu%40wdtl.com&quot; class=&quot;user-hover&quot; rel=&quot;michael.qiu@wdtl.com&quot;&gt;michael.qiu@wdtl.com&lt;/a&gt;,&lt;/p&gt;

&lt;p&gt;So we can continue to investigate, would you please clarify the steps to reproduce this issue as Ramon requested?&lt;/p&gt;

&lt;p&gt;Additionally, please provide the privileges of each user.&lt;/p&gt;

&lt;p&gt;Thank you,&lt;br/&gt;
Thomas&lt;/p&gt;</comment>
                            <comment id="1360422" author="ramon.fernandez" created="Thu, 18 Aug 2016 00:29:50 +0000"  >&lt;p&gt;&lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=michael.qiu%40wdtl.com&quot; class=&quot;user-hover&quot; rel=&quot;michael.qiu@wdtl.com&quot;&gt;michael.qiu@wdtl.com&lt;/a&gt;, I&apos;ve reopened this ticket, but in order for us to investigate, can you please elaborate on the problem?&lt;/p&gt;

&lt;p&gt;In particular, in the original description it is not clear what operations you&apos;re launching from a shell (or from which shell), and which are new shell processes.&lt;/p&gt;

&lt;p&gt;It would also be useful for you to copy here the privileges of each user as reported by &lt;a href=&quot;https://docs.mongodb.com/manual/tutorial/manage-users-and-roles/#view-a-user-s-roles&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;&lt;tt&gt;db.getUser()&lt;/tt&gt;&lt;/a&gt;.&lt;/p&gt;

&lt;p&gt;Thanks,&lt;br/&gt;
Ram&#243;n.&lt;/p&gt;</comment>
                            <comment id="1360411" author="michael.qiu@wdtl.com" created="Thu, 18 Aug 2016 00:12:44 +0000"  >&lt;p&gt;Hi @thomas.schubert&lt;/p&gt;

&lt;p&gt;Thanks for looking into this issue.  Sorry I described the problem badly.  I was trying to be succinct, but the terms I used gave you the impression I was trying to describe a different mongodb WTF.  &lt;/p&gt;

&lt;p&gt;What I meant by &quot;login as user02&quot; is logging in via the mongo shell:&lt;/p&gt;
&lt;p/&gt;
&lt;div id=&quot;syntaxplugin&quot; class=&quot;syntaxplugin&quot; style=&quot;border: 1px dashed #bbb; border-radius: 5px !important; overflow: auto; max-height: 30em;&quot;&gt;
&lt;table cellspacing=&quot;0&quot; cellpadding=&quot;0&quot; border=&quot;0&quot; width=&quot;100%&quot; style=&quot;font-size: 1em; line-height: 1.4em !important; font-weight: normal; font-style: normal; color: black;&quot;&gt;
		&lt;tbody &gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;  margin-top: 10px;   margin-bottom: 10px;  width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;mongo --port 27000 --username user02 --password user02Pw db02&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
			&lt;/tbody&gt;
&lt;/table&gt;
&lt;/div&gt;
&lt;p/&gt;
&lt;p&gt;and not &lt;/p&gt;
&lt;p/&gt;
&lt;div id=&quot;syntaxplugin&quot; class=&quot;syntaxplugin&quot; style=&quot;border: 1px dashed #bbb; border-radius: 5px !important; overflow: auto; max-height: 30em;&quot;&gt;
&lt;table cellspacing=&quot;0&quot; cellpadding=&quot;0&quot; border=&quot;0&quot; width=&quot;100%&quot; style=&quot;font-size: 1em; line-height: 1.4em !important; font-weight: normal; font-style: normal; color: black;&quot;&gt;
		&lt;tbody &gt;
				&lt;tr id=&quot;syntaxplugin_code_and_gutter&quot;&gt;
						&lt;td  style=&quot; line-height: 1.4em !important; padding: 0em; vertical-align: top;&quot;&gt;
					&lt;pre style=&quot;font-size: 1em; margin: 0 10px;  margin-top: 10px;   margin-bottom: 10px;  width: auto; padding: 0;&quot;&gt;&lt;span style=&quot;color: black; font-family: &apos;Consolas&apos;, &apos;Bitstream Vera Sans Mono&apos;, &apos;Courier New&apos;, Courier, monospace !important;&quot;&gt;db.auth(&quot;user02&quot;, &quot;user02Pw&quot;)&lt;/span&gt;&lt;/pre&gt;
			&lt;/td&gt;
		&lt;/tr&gt;
			&lt;/tbody&gt;
&lt;/table&gt;
&lt;/div&gt;
&lt;p/&gt;
&lt;p&gt;in an existing mongo shell session where I&apos;m already logged in as user01&lt;/p&gt;

&lt;p&gt;Please give this a try.  Thanks.&lt;/p&gt;</comment>
                            <comment id="1360315" author="thomas.schubert" created="Wed, 17 Aug 2016 23:00:30 +0000"  >&lt;p&gt;Hi &lt;a href=&quot;https://jira.mongodb.org/secure/ViewProfile.jspa?name=michael.qiu%40wdtl.com&quot; class=&quot;user-hover&quot; rel=&quot;michael.qiu@wdtl.com&quot;&gt;michael.qiu@wdtl.com&lt;/a&gt;,&lt;/p&gt;

&lt;p&gt;This is the expected behavior. You can be logged in on different databases with several users concurrently in the shell. In this case, you will have the collective permissions of all authenticated users. If you do not want to be authenticated on a particular database you can execute &lt;a href=&quot;https://docs.mongodb.com/manual/reference/method/db.logout/&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;db.logout()&lt;/a&gt; on the same database.&lt;/p&gt;

&lt;p&gt;I have opened &lt;a href=&quot;https://jira.mongodb.org/browse/DOCS-8620&quot; title=&quot;Clarify that authentication on multiple databases will provide collective permissions&quot; class=&quot;issue-link&quot; data-issue-key=&quot;DOCS-8620&quot;&gt;&lt;del&gt;DOCS-8620&lt;/del&gt;&lt;/a&gt; to clarify this behavior in our documentation.&lt;/p&gt;

&lt;p&gt;Kind regards,&lt;br/&gt;
Thomas&lt;/p&gt;</comment>
                            <comment id="1359177" author="michael.qiu@wdtl.com" created="Wed, 17 Aug 2016 03:19:05 +0000"  >&lt;p&gt;Sorry, it should read:&lt;/p&gt;

&lt;p&gt;What you should see:&lt;/p&gt;
&lt;ul class=&quot;alternate&quot; type=&quot;square&quot;&gt;
	&lt;li&gt;error you do not have permissions to access db01&lt;/li&gt;
&lt;/ul&gt;


&lt;p&gt;But it seems I don&apos;t have permissions to edit tickets.  &lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10010">
                    <name>Duplicate</name>
                                            <outwardlinks description="duplicates">
                                        <issuelink>
            <issuekey id="311430">SERVER-25804</issuekey>
        </issuelink>
                            </outwardlinks>
                                                        </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                <customfield id="customfield_10050" key="com.atlassian.jira.toolkit:comments">
                        <customfieldname># Replies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>8.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10055" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>Date of 1st Reply</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Wed, 17 Aug 2016 03:19:44 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10052" key="com.atlassian.jira.toolkit:dayslastcommented">
                        <customfieldname>Days since reply</customfieldname>
                        <customfieldvalues>
                                        7 years, 22 weeks, 3 days ago
    
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_18254" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Dependencies</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue><![CDATA[]]></customfieldvalue>


                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10057" key="com.atlassian.jira.toolkit:lastusercommented">
                        <customfieldname>Last comment by Customer</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>true</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10056" key="com.atlassian.jira.toolkit:lastupdaterorcommenter">
                        <customfieldname>Last commenter</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>michael.qiu@wdtl.com</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_11151" key="com.atlassian.jira.toolkit:LastCommentDate">
                        <customfieldname>Last public comment date</customfieldname>
                        <customfieldvalues>
                            7 years, 22 weeks, 3 days ago
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                    <customfield id="customfield_10032" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Operating System</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10026"><![CDATA[ALL]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_10051" key="com.atlassian.jira.toolkit:participants">
                        <customfieldname>Participants</customfieldname>
                        <customfieldvalues>
                                        <customfieldvalue>michael.qiu@wdtl.com</customfieldvalue>
            <customfieldvalue>kelsey.schubert@mongodb.com</customfieldvalue>
            <customfieldvalue>ramon.fernandez@mongodb.com</customfieldvalue>
    
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                        <customfield id="customfield_14254" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Product Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hrjyrb:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hsosb3:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_23361" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Requested By</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            <customfield id="customfield_10053" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>Time In Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_22870" key="com.onresolve.jira.groovy.groovyrunner:scripted-field">
                        <customfieldname>Triagers</customfieldname>
                        <customfieldvalues>
                                

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_14350" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>serverRank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>1|hsenh3:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>