diff options
-rw-r--r-- | jstests/auth/lib/commands_lib.js | 8 | ||||
-rw-r--r-- | src/mongo/db/auth/role_graph_builtin_roles.cpp | 1 |
2 files changed, 5 insertions, 4 deletions
diff --git a/jstests/auth/lib/commands_lib.js b/jstests/auth/lib/commands_lib.js index 2f4f3a6ee8b..c991c5c63e0 100644 --- a/jstests/auth/lib/commands_lib.js +++ b/jstests/auth/lib/commands_lib.js @@ -3130,7 +3130,7 @@ var authCommandsLib = { testcases: [ { runOnDb: adminDbName, - roles: roles_monitoring, + roles: Object.extend({backup: 1}, roles_monitoring), privileges: [{resource: {cluster: true}, actions: ["serverStatus"]}] }, {runOnDb: firstDbName, roles: {}, expectFail: true}, @@ -5478,17 +5478,17 @@ var authCommandsLib = { testcases: [ { runOnDb: adminDbName, - roles: roles_monitoring, + roles: Object.extend({backup: 1}, roles_monitoring), privileges: [{resource: {cluster: true}, actions: ["serverStatus"]}] }, { runOnDb: firstDbName, - roles: roles_monitoring, + roles: Object.extend({backup: 1}, roles_monitoring), privileges: [{resource: {cluster: true}, actions: ["serverStatus"]}] }, { runOnDb: secondDbName, - roles: roles_monitoring, + roles: Object.extend({backup: 1}, roles_monitoring), privileges: [{resource: {cluster: true}, actions: ["serverStatus"]}] } ] diff --git a/src/mongo/db/auth/role_graph_builtin_roles.cpp b/src/mongo/db/auth/role_graph_builtin_roles.cpp index dd8bb4a8a15..0ac352e86ad 100644 --- a/src/mongo/db/auth/role_graph_builtin_roles.cpp +++ b/src/mongo/db/auth/role_graph_builtin_roles.cpp @@ -525,6 +525,7 @@ void addQueryableBackupPrivileges(PrivilegeVector* privileges) { void addBackupPrivileges(PrivilegeVector* privileges) { ActionSet clusterActions; clusterActions << ActionType::appendOplogNote; // For BRS + clusterActions << ActionType::serverStatus; // For push based initial sync Privilege::addPrivilegeToPrivilegeVector( privileges, Privilege(ResourcePattern::forClusterResource(), clusterActions)); |