Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-26577

Permissions are different for listCollections and listCollections getmore

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Done
    • Priority: Icon: Major - P3 Major - P3
    • 3.5.7
    • Affects Version/s: 3.0.12, 3.2.10, 3.4.0-rc0
    • Component/s: Querying
    • Fully Compatible
    • ALL
    • Hide

      1. Create a user who lacks the 'listCollections' permission but does have the read permission on the system.namespaces collection.
      2. Call the listCollections command with a batchSize of 0 as this user.
      3. Call getmore on the returned cursor as the same user.

      Show
      1. Create a user who lacks the 'listCollections' permission but does have the read permission on the system.namespaces collection. 2. Call the listCollections command with a batchSize of 0 as this user. 3. Call getmore on the returned cursor as the same user.
    • Query 2017-05-08

      A call to listCollections that does not define a batchSize will generally return all collections in a single batch. This call requires either the listCollections permission or the read permission on the system.namespaces collection. However, if you call listCollections with a batchSize of 0 and then try to call getmore on the cursor that is returned, the getmore call does not take the system.namespaces permission into account. This results in cases where a user can call the listCollections action successfully but can not call getmore on the returned cursor. Some drivers, such as the Java driver, specifically send a batchSize of 0 when making this call, which can cause this problem to manifest itself.

            Assignee:
            justin.seyster@mongodb.com Justin Seyster
            Reporter:
            andrew.young Andrew Young
            Votes:
            0 Vote for this issue
            Watchers:
            9 Start watching this issue

              Created:
              Updated:
              Resolved: