summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--jstests/auth/lib/commands_lib.js8
-rw-r--r--src/mongo/db/auth/role_graph_builtin_roles.cpp1
2 files changed, 5 insertions, 4 deletions
diff --git a/jstests/auth/lib/commands_lib.js b/jstests/auth/lib/commands_lib.js
index 2f4f3a6ee8b..c991c5c63e0 100644
--- a/jstests/auth/lib/commands_lib.js
+++ b/jstests/auth/lib/commands_lib.js
@@ -3130,7 +3130,7 @@ var authCommandsLib = {
testcases: [
{
runOnDb: adminDbName,
- roles: roles_monitoring,
+ roles: Object.extend({backup: 1}, roles_monitoring),
privileges: [{resource: {cluster: true}, actions: ["serverStatus"]}]
},
{runOnDb: firstDbName, roles: {}, expectFail: true},
@@ -5478,17 +5478,17 @@ var authCommandsLib = {
testcases: [
{
runOnDb: adminDbName,
- roles: roles_monitoring,
+ roles: Object.extend({backup: 1}, roles_monitoring),
privileges: [{resource: {cluster: true}, actions: ["serverStatus"]}]
},
{
runOnDb: firstDbName,
- roles: roles_monitoring,
+ roles: Object.extend({backup: 1}, roles_monitoring),
privileges: [{resource: {cluster: true}, actions: ["serverStatus"]}]
},
{
runOnDb: secondDbName,
- roles: roles_monitoring,
+ roles: Object.extend({backup: 1}, roles_monitoring),
privileges: [{resource: {cluster: true}, actions: ["serverStatus"]}]
}
]
diff --git a/src/mongo/db/auth/role_graph_builtin_roles.cpp b/src/mongo/db/auth/role_graph_builtin_roles.cpp
index dd8bb4a8a15..0ac352e86ad 100644
--- a/src/mongo/db/auth/role_graph_builtin_roles.cpp
+++ b/src/mongo/db/auth/role_graph_builtin_roles.cpp
@@ -525,6 +525,7 @@ void addQueryableBackupPrivileges(PrivilegeVector* privileges) {
void addBackupPrivileges(PrivilegeVector* privileges) {
ActionSet clusterActions;
clusterActions << ActionType::appendOplogNote; // For BRS
+ clusterActions << ActionType::serverStatus; // For push based initial sync
Privilege::addPrivilegeToPrivilegeVector(
privileges, Privilege(ResourcePattern::forClusterResource(), clusterActions));