Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-8327

Possible to create user with invalid role.

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Won't Fix
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: 2.3.2
    • Component/s: Security
    • None
    • ALL 

      db.addUser({user:'admin', pwd:'password', roles:['nonsenseRole']})

      succeeds and inserts the document into system.users. Authenticating with that user will also succeed, though no privileges will be granted (in the logs there's a message "Privilege acquisition failed for admin@admin in database admin: No such role, nonsenseRole, in database admin (BadValue)")

            Assignee:
            spencer@mongodb.com Spencer Brody (Inactive)
            Reporter:
            spencer@mongodb.com Spencer Brody (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: