-
Type: Bug
-
Resolution: Fixed
-
Priority: Major - P3
-
Affects Version/s: None
-
Component/s: None
-
Sharding NYC
-
Fully Compatible
-
ALL
I'm logged in as a user with the "root" role
[direct: mongos] admin> db.runCommand({connectionStatus:1}) { authInfo: { authenticatedUsers: [ { user: 'admin', db: 'admin' } ], authenticatedUserRoles: [ { role: 'root', db: 'admin' } ] }, ok: 1, '$clusterTime': { clusterTime: Timestamp({ t: 1678422366, i: 1 }), signature: { hash: Binary(Buffer.from("caabfec785f45dd5f8a7ae0ddfe87a213a7b29ab", "hex"), 0), keyId: Long("7208009756202500117") } }, operationTime: Timestamp({ t: 1678422366, i: 1 }) }
But I can't run the transitionToDedicatedConfigServer command
[direct: mongos] admin> db.adminCommand({ transitionToDedicatedConfigServer: 1 }); MongoServerError: not authorized on admin to execute command { transitionToDedicatedConfigServer: 1, lsid: { id: UUID("9b4c914a-68c2-4429-80c5-1a4c210c980c") }, $clusterTime: { clusterTime: Timestamp(1678422366, 1), signature: { hash: BinData(0, CAABFEC785F45DD5F8A7AE0DDFE87A213A7B29AB), keyId: 7208009756202500117 } }, $db: "admin" }
However, this is just a wrapper around removeShard, and I can still run removeShard
[direct: mongos] admin> db.adminCommand({removeShard: "config"}) { msg: 'draining started successfully', state: 'started', shard: 'config', note: 'you need to drop or movePrimary these databases', dbsToMove: [ 'test' ], ok: 1, '$clusterTime': { clusterTime: Timestamp({ t: 1678422410, i: 2 }), signature: { hash: Binary(Buffer.from("00ed9d2573b2779304bcde3c54c1c8a9a0fef5b2", "hex"), 0), keyId: Long("7208009756202500117") } }, operationTime: Timestamp({ t: 1678422410, i: 2 }) }
- depends on
-
SERVER-75085 Add catalog shard transition command actions to clusterManager role
- Closed
- related to
-
SERVER-74705 removeShard should not be allowed for config shard
- Closed