SERVER-13833 userAdminAnyDatabase role should be able to create and drop indexes on admin.system.users and admin.system.roles

author: Amalia Hawkins <amalia.hawkins@10gen.com> 2014-07-24 16:11:50 -0400
committer: Amalia Hawkins <amalia.hawkins@10gen.com> 2014-07-28 14:07:15 -0400
commit: 9b93692f665a506dcc00ed989eb1f31741dea53c (patch)
tree: 02cacbc507b5b8243d447f3a0355ca3fc4410e22 /src/mongo/db/auth/role_graph_builtin_roles.cpp
parent: 172d4f6f8bd09d0b2b77d9fb3bf280d01cfb72a1 (diff)
download: mongo-9b93692f665a506dcc00ed989eb1f31741dea53c.tar.gz
1 files changed, 8 insertions, 2 deletions
diff --git a/src/mongo/db/auth/role_graph_builtin_roles.cpp b/src/mongo/db/auth/role_graph_builtin_roles.cpp
index f04cb71430a..a057c3d2881 100644
--- a/src/mongo/db/auth/role_graph_builtin_roles.cpp
+++ b/src/mongo/db/auth/role_graph_builtin_roles.cpp
@@ -355,6 +355,12 @@ namespace {
         Privilege::addPrivilegeToPrivilegeVector(
                 privileges,
                 Privilege(ResourcePattern::forClusterResource(), ActionType::invalidateUserCache));
+
+
+        ActionSet readRoleAndIndexActions;
+        readRoleAndIndexActions += readRoleActions;
+        readRoleAndIndexActions << ActionType::createIndex << ActionType::dropIndex;
+
         Privilege::addPrivilegeToPrivilegeVector(
                 privileges,
                 Privilege(ResourcePattern::forCollectionName("system.users"),
@@ -363,12 +369,12 @@ namespace {
                 privileges,
                 Privilege(ResourcePattern::forExactNamespace(
                                   AuthorizationManager::usersCollectionNamespace),
-                          readRoleActions));
+                          readRoleAndIndexActions));
         Privilege::addPrivilegeToPrivilegeVector(
                 privileges,
                 Privilege(ResourcePattern::forExactNamespace(
                                   AuthorizationManager::rolesCollectionNamespace),
-                          readRoleActions));
+                          readRoleAndIndexActions));
         Privilege::addPrivilegeToPrivilegeVector(
                 privileges,
                 Privilege(ResourcePattern::forExactNamespace(
author	Amalia Hawkins <amalia.hawkins@10gen.com>	2014-07-24 16:11:50 -0400
committer	Amalia Hawkins <amalia.hawkins@10gen.com>	2014-07-28 14:07:15 -0400
commit	9b93692f665a506dcc00ed989eb1f31741dea53c (patch)
tree	02cacbc507b5b8243d447f3a0355ca3fc4410e22 /src/mongo/db/auth/role_graph_builtin_roles.cpp
parent	172d4f6f8bd09d0b2b77d9fb3bf280d01cfb72a1 (diff)
download	mongo-9b93692f665a506dcc00ed989eb1f31741dea53c.tar.gz