Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-38867

"show collections" no longer lists system.* collections

    • Minor Change
    • ALL
    • v4.0
    • Sharding 2019-01-14, Sharding 2019-01-28, Sharding 2019-02-11, Sharding 2019-02-25, Sharding 2019-03-11, Sharding 2019-03-25, Sharding 2019-05-20

      On SERVER-32942 the authorizedCollections optional parameter was added to the listCollections command, and the show collections shell helper was modified to pass true for this parameter.

      However, this has the unintended consequence of preventing system.* collections from being listed in the output of show collections, even when auth is off or specific privileges to system collections have been granted. This is a backward breaking change in behaviour, which might lead users to make incorrect deductions about the state of the db (based on the apparent non-presence of system collections of interest).

      The reason for this is that the blacklisting of system collections on SERVER-32942 is too heavy handed, and should instead be relaxed to return system collections that the logged-in user has privileges to. The example behaviours below are all on a freshly initialised standalone/sharded cluster.

      Auth disabled

      Setup:

      use admin
      
      Standalone/Replset: Current behaviour Standalone/Replset: Desired behaviour
      > show collections
      >
      
      
      > show collections
      system.version
      >
      
      Sharded: Current behaviour Sharded: Desired behaviour
      mongos> show collections
      mongos>
      
      
      
      mongos> show collections
      system.keys
      system.version
      mongos>
      

      Auth enabled

      Setup:

      use admin
      db.auth("root", "root")
      
      db.createRole( { role: "syscoll", privileges: [ { resource: { db: "admin", collection: "system.version" }, actions: [ "find" ] } ], roles: [] } )
      db.createRole( { role: "admindb", privileges: [ { resource: { db: "admin", collection: "" },               actions: [ "find" ] } ], roles: [] } )
      
      db.createUser( { user: "test-syscoll", pwd: "test", roles: [ "syscoll" ] } )
      db.createUser( { user: "test-admindb", pwd: "test", roles: [ "admindb" ] } )
      db.createUser( { user: "test-both",    pwd: "test", roles: [ "admindb", "syscoll" ] } )
      
      db.createCollection("testcoll")
      
      Standalone/Replset: Current behaviour Standalone/Replset: Desired behaviour
      > db.auth("test-syscoll", "test")
      1
      > show collections
      >
      
      
      > db.auth("test-admindb", "test")
      1
      > show collections
      testcoll
      >
      
      > db.auth("test-both", "test")
      1
      > show collections
      testcoll
      >
      
      
      > db.auth("test-syscoll", "test")
      1
      > show collections
      system.version
      >
      
      > db.auth("test-admindb", "test")
      1
      > show collections
      testcoll
      >
      
      > db.auth("test-both", "test")
      1
      > show collections
      system.version
      testcoll
      >
      
      Sharded: Current behaviour Sharded: Desired behaviour
      mongos> db.auth("test-syscoll", "test")
      1
      mongos> show collections
      mongos>
      
      
      mongos> db.auth("test-admindb", "test")
      1
      mongos> show collections
      testcoll
      mongos>
      
      mongos> db.auth("test-both", "test")
      1
      mongos> show collections
      testcoll
      mongos>
      
      
      mongos> db.auth("test-syscoll", "test")
      1
      mongos> show collections
      system.version
      mongos>
      
      mongos> db.auth("test-admindb", "test")
      1
      mongos> show collections
      testcoll
      mongos>
      
      mongos> db.auth("test-both", "test")
      1
      mongos> show collections
      system.version
      testcoll
      mongos>
      

            Assignee:
            kevin.pulo@mongodb.com Kevin Pulo
            Reporter:
            kevin.pulo@mongodb.com Kevin Pulo
            Votes:
            1 Vote for this issue
            Watchers:
            13 Start watching this issue

              Created:
              Updated:
              Resolved: