ISSUE SUMMARY
The dbAdmin role has the permission to drop the system.profile collection, but does not have permissions to create it (e.g. for resizing).
USER IMPACT
Admin users may drop the system.profile collection in an attempt to resize it but are then unable to re-create the new collection manually.
WORKAROUNDS
Create a new user-defined role that grants the necessary permissions and add that role to a user, as described in this comment.
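One way to write such a role and the resize sequence in the mongo shell, as an added example that is not taken from the linked comment or from the MongoDB project. The role name profileCreator, the helper function names and the user name are assumptions, and the user is assumed to be defined in the admin database.

```javascript
// Added example for the mongo shell (JavaScript); all names are placeholders.
// Uses var/function only so it loads in a 2.6-era shell as well as in Node.

// Least-privilege role: may only create system.profile in one database.
function profileCreatorRole(targetDb, roleName) {
  return {
    role: roleName,
    privileges: [
      { resource: { db: targetDb, collection: "system.profile" },
        actions: ["createCollection"] }
    ],
    roles: []  // inherits nothing from built-in roles
  };
}

// Define the role in admin and grant it to a user that also lives in admin.
// adminDb is the shell handle for the admin database.
function applyWorkaround(adminDb, targetDb, roleName, userName) {
  adminDb.createRole(profileCreatorRole(targetDb, roleName));
  adminDb.grantRolesToUser(userName, [{ role: roleName, db: "admin" }]);
}

// Resize: profiling off, drop, re-create capped, restore the profiling level.
// Returns the createCollection result so a code 13 failure stays visible.
function resizeProfile(handle, sizeBytes, level) {
  handle.setProfilingLevel(0);
  handle.getCollection("system.profile").drop();
  var res = handle.createCollection("system.profile",
                                    { capped: true, size: sizeBytes });
  handle.setProfilingLevel(level);
  return res;
}

// Shell usage (run as a user allowed to manage roles):
//   var adminDb = db.getSiblingDB("admin");
//   applyWorkaround(adminDb, "admin", "profileCreator", "admin");
//   resizeProfile(adminDb, 4000000, 1);
```

The role carries a single action on a single collection, so it can be revoked after upgrading to a fixed release without affecting the user's other roles.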
AFFECTED VERSIONS
All production releases from 2.6.0 to 2.6.3 are affected by the bug.
FIX VERSION
The fix is included in the 2.6.4 production release.
RESOLUTION DETAILS
Added the permission to create system.profile collections to the dbAdmin role.
Original description
I am trying to increase the size of my profiling collection as per the instructions. Version is 2.6.0. I am logged in as the "root" user on the admin db. It fails with the error "not authorized on admin to execute command".
Shard-0:PRIMARY> db.system.profile.drop();
true
Shard-0:PRIMARY> db.createCollection( "system.profile", { capped: true, size:4000000 } );
{
    "ok" : 0,
    "errmsg" : "not authorized on admin to execute command { create: \"system.profile\", capped: true, size: 4000000.0 }",
    "code" : 13
}
Shard-0:PRIMARY> show users;
{
    "_id" : "admin.admin",
    "user" : "admin",
    "db" : "admin",
    "credentials" : {
        "MONGODB-CR" : "951e7b3e49c49caf2b4c8819a11e7e29"
    },
    "roles" : [
        {
            "role" : "root",
            "db" : "admin"
        },
        {
            "role" : "restore",
            "db" : "admin"
        }
    ]
}
Is related to: SERVER-16944 dbAdminAnyDatabase should have full parity with dbAdmin for a given database (Closed)