Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-8491

Users with role "userAdminAnyDatabase" cannot create a database's first user

    • Type: Icon: Bug Bug
    • Resolution: Done
    • Priority: Icon: Major - P3 Major - P3
    • 2.4.0-rc1
    • Affects Version/s: 2.4.0-rc0
    • Component/s: Security
    • None
    • ALL

      Reproduce with the following:

      adminDb = db.getSiblingDB("admin")
      testDb = db.getSiblingDB("testdb")
      adminDb.addUser({user:'admin',pwd:'password',roles:['userAdminAnyDatabase']})
      adminDb.auth('admin','password')
      testDb.addUser({user:'readUser',pwd:'password',roles:['read']})
      

      When run against mongod --auth, version 2.4.0-rc0:

      Fri Feb  8 17:23:28.298 [conn1] insert testdb.system.users keyUpdates:0 exception: not authorized to create index on testdb.system.users code:16548 locks(micros) w:578348 578ms
      

      The above failure occurs because user admin does not have readWrite on testdb, and the insert into testdb.system.users fails during the index creation step.

            Assignee:
            spencer@mongodb.com Spencer Brody (Inactive)
            Reporter:
            rassi J Rassi
            Votes:
            1 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: