The _shardsvrConvertToCapped command has been introduced in v8.0 and allows any user with the internal privilege action to convert a collection to capped. The equivalent router-side command has a different authorization requirement (convertToCapped privilege action). Make sure that this is correct, specifically that it is OK to not check for the convertToCapped privilege action on the shard server because it is implied/superseded by the internal privilege action.
Note that the validation behavior of _shardsvrConvertToCapped is the same as other commands such as _shardsvrDropIndexes so if any change is necessary, it will need to be evaluated for other commands as well.
- related to
-
SERVER-92141 Audit authorization checks for router and shard commands
- Backlog