author | Spencer T Brody <spencer@10gen.com> | 2013-11-06 18:33:28 -0500 |
---|---|---|
committer | Spencer T Brody <spencer@10gen.com> | 2013-11-08 14:12:21 -0500 |
commit | 490ffed0e9aaad65ff421a3e620d8eee7e68b686 (patch) | |
tree | c67979b85ad900e16bd4666d241220a0da03f8f7 /src/mongo/db/auth/role_graph_builtin_roles.cpp | |
parent | c9d07bdb8f92ec72c9ca8ddf6db821a2e087b3d0 (diff) | |
Make sure cluster roles have access to system collections in config db
Diffstat (limited to 'src/mongo/db/auth/role_graph_builtin_roles.cpp')
-rw-r--r-- | src/mongo/db/auth/role_graph_builtin_roles.cpp | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/src/mongo/db/auth/role_graph_builtin_roles.cpp b/src/mongo/db/auth/role_graph_builtin_roles.cpp
index e66bb4781c1..9e59bcb9ace 100644
--- a/src/mongo/db/auth/role_graph_builtin_roles.cpp
+++ b/src/mongo/db/auth/role_graph_builtin_roles.cpp
@@ -410,9 +410,10 @@ namespace {
  privileges,
  Privilege(ResourcePattern::forAnyNormalResource(),
  clusterMonitorRoleDatabaseActions));
+ addReadOnlyDbPrivileges(privileges, "config");
  Privilege::addPrivilegeToPrivilegeVector(
  privileges,
- Privilege(ResourcePattern::forDatabaseName("config"), readRoleActions));
+ Privilege(ResourcePattern::forCollectionName("system.profile"), ActionType::find));
  }
 
  void addHostManagerPrivileges(PrivilegeVector* privileges) {
@@ -433,9 +434,8 @@ namespace {
  privileges,
  Privilege(ResourcePattern::forAnyNormalResource(),
  clusterManagerRoleDatabaseActions));
- Privilege::addPrivilegeToPrivilegeVector(
- privileges,
- Privilege(ResourcePattern::forDatabaseName("config"), readRoleActions));
+ addReadOnlyDbPrivileges(privileges, "config");
+
  ActionSet configSettingsActions;
  configSettingsActions << ActionType::insert << ActionType::update << ActionType::remove;
  Privilege::addPrivilegeToPrivilegeVector( |
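Review bot: The new grant `Privilege(ResourcePattern::forCollectionName("system.profile"), ActionType::find)` in the first hunk is a collection-name pattern, so it appears to give this role `find` on `system.profile` in every database, which is wider than the "config db" scope the commit title describes. Profiler documents can contain the text of other users' queries, so the breadth should be a stated decision rather than a side effect. If cluster-wide access is intended, a comment such as `// Monitoring needs profiler output from every database, not only config.` above the call would record that. If only the config database was meant, the pattern would need to be narrowed, for example `ResourcePattern::forExactNamespace(NamespaceString("config.system.profile"))`. The enclosing function starts above the hunk, so the role name is inferred from `clusterMonitorRoleDatabaseActions`.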
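Review bot: The set of `config` collections the cluster manager role can read cannot be verified at the call `addReadOnlyDbPrivileges(privileges, "config")` in the second hunk, because the helper is defined outside this diff and nothing at the call site names what it covers. Any collection later added to that helper would silently become readable by both cluster roles touched here. A call-site comment such as `// Read-only access to config, including the system collections listed in addReadOnlyDbPrivileges.` would make the dependency explicit. A unit test asserting the exact privilege vector for each role would catch unintended widening; the diffstat shown is limited to this file, so such a test may already exist elsewhere in the commit. The enclosing function starts above the hunk and continues past it.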