author | Amalia Hawkins <amalia.hawkins@10gen.com> | 2014-07-24 16:11:50 -0400 |
---|---|---|
committer | Amalia Hawkins <amalia.hawkins@10gen.com> | 2014-07-28 14:07:15 -0400 |
commit | 9b93692f665a506dcc00ed989eb1f31741dea53c (patch) | |
tree | 02cacbc507b5b8243d447f3a0355ca3fc4410e22 /src | |
parent | 172d4f6f8bd09d0b2b77d9fb3bf280d01cfb72a1 (diff) | |
download | mongo-9b93692f665a506dcc00ed989eb1f31741dea53c.tar.gz |
SERVER-13833 userAdminAnyDatabase role should be able to create and drop indexes on admin.system.users and admin.system.roles
Diffstat (limited to 'src')
-rw-r--r-- | src/mongo/db/auth/role_graph_builtin_roles.cpp | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/src/mongo/db/auth/role_graph_builtin_roles.cpp b/src/mongo/db/auth/role_graph_builtin_roles.cpp
index f04cb71430a..a057c3d2881 100644
--- a/src/mongo/db/auth/role_graph_builtin_roles.cpp
+++ b/src/mongo/db/auth/role_graph_builtin_roles.cpp
@@ -355,6 +355,12 @@ namespace {
 Privilege::addPrivilegeToPrivilegeVector(
 privileges,
 Privilege(ResourcePattern::forClusterResource(), ActionType::invalidateUserCache));
+
+
+ ActionSet readRoleAndIndexActions;
+ readRoleAndIndexActions += readRoleActions;
+ readRoleAndIndexActions << ActionType::createIndex << ActionType::dropIndex;
+
 Privilege::addPrivilegeToPrivilegeVector(
 privileges,
 Privilege(ResourcePattern::forCollectionName("system.users"),
@@ -363,12 +369,12 @@ namespace {
 privileges,
 Privilege(ResourcePattern::forExactNamespace(
 AuthorizationManager::usersCollectionNamespace),
- readRoleActions));
+ readRoleAndIndexActions));
 Privilege::addPrivilegeToPrivilegeVector(
 privileges,
 Privilege(ResourcePattern::forExactNamespace(
 AuthorizationManager::rolesCollectionNamespace),
- readRoleActions));
+ readRoleAndIndexActions));
 Privilege::addPrivilegeToPrivilegeVector(
 privileges,
 Privilege(ResourcePattern::forExactNamespace( |
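Review bot: The new `readRoleAndIndexActions` set in the first hunk has no comment explaining why a user-administration role is granted index actions, so a later privilege audit has to recover the reason from the commit log. I would put `// SERVER-13833: user admins need createIndex/dropIndex on admin.system.users and admin.system.roles only` directly above `ActionSet readRoleAndIndexActions;`. The two blank lines added before the declaration could be one. The enclosing function begins and ends outside the hunk, and the `forCollectionName("system.users")` privilege that closes the hunk takes its action set on a line that is not shown, so the comment should say explicitly that the wider set is meant for the two exact admin namespaces.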
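Review bot: Granting `ActionType::dropIndex` on `usersCollectionNamespace` and `rolesCollectionNamespace` in the second hunk lets a holder of this role remove any index on the collections that back authorization, and the hunk shows no guard for indexes the server itself may depend on. Whether such indexes exist, or are rebuilt when missing, is not visible here and should be confirmed before merging. The diffstat lists only this one file, so nothing pins the scope of the grant. A test should assert that `createIndex` and `dropIndex` are allowed on exactly these two namespaces and stay denied on the other resources this role covers. The privilege that opens after the last changed line continues outside the hunk and appears unchanged.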