Diffstat (limited to 'src/mongo/db/auth/role_graph_builtin_roles.cpp')
-rw-r--r--src/mongo/db/auth/role_graph_builtin_roles.cpp40
1 files changed, 0 insertions, 40 deletions
diff --git a/src/mongo/db/auth/role_graph_builtin_roles.cpp b/src/mongo/db/auth/role_graph_builtin_roles.cpp
index 8f096ac641d..d9875a20f96 100644
--- a/src/mongo/db/auth/role_graph_builtin_roles.cpp
+++ b/src/mongo/db/auth/role_graph_builtin_roles.cpp
@@ -261,16 +261,8 @@ void addReadOnlyDbPrivileges(PrivilegeVector* privileges, StringData dbName) {
privileges, Privilege(ResourcePattern::forDatabaseName(dbName), readRoleActions));
Privilege::addPrivilegeToPrivilegeVector(
privileges,
- Privilege(ResourcePattern::forExactNamespace(NamespaceString(dbName, "system.indexes")),
- readRoleActions));
- Privilege::addPrivilegeToPrivilegeVector(
- privileges,
Privilege(ResourcePattern::forExactNamespace(NamespaceString(dbName, "system.js")),
readRoleActions));
- Privilege::addPrivilegeToPrivilegeVector(
- privileges,
- Privilege(ResourcePattern::forExactNamespace(NamespaceString(dbName, "system.namespaces")),
- readRoleActions));
}
void addReadWriteDbPrivileges(PrivilegeVector* privileges, StringData dbName) {
@@ -291,14 +283,6 @@ void addUserAdminDbPrivileges(PrivilegeVector* privileges, StringData dbName) {
void addDbAdminDbPrivileges(PrivilegeVector* privileges, StringData dbName) {
Privilege::addPrivilegeToPrivilegeVector(
privileges, Privilege(ResourcePattern::forDatabaseName(dbName), dbAdminRoleActions));
- Privilege::addPrivilegeToPrivilegeVector(
- privileges,
- Privilege(ResourcePattern::forExactNamespace(NamespaceString(dbName, "system.indexes")),
- readRoleActions));
- Privilege::addPrivilegeToPrivilegeVector(
- privileges,
- Privilege(ResourcePattern::forExactNamespace(NamespaceString(dbName, "system.namespaces")),
- readRoleActions));
ActionSet profileActions = readRoleActions;
profileActions.addAction(ActionType::convertToCapped);
@@ -329,13 +313,7 @@ void addReadOnlyAnyDbPrivileges(PrivilegeVector* privileges) {
Privilege::addPrivilegeToPrivilegeVector(
privileges, Privilege(ResourcePattern::forClusterResource(), ActionType::listDatabases));
Privilege::addPrivilegeToPrivilegeVector(
- privileges,
- Privilege(ResourcePattern::forCollectionName("system.indexes"), readRoleActions));
- Privilege::addPrivilegeToPrivilegeVector(
privileges, Privilege(ResourcePattern::forCollectionName("system.js"), readRoleActions));
- Privilege::addPrivilegeToPrivilegeVector(
- privileges,
- Privilege(ResourcePattern::forCollectionName("system.namespaces"), readRoleActions));
}
void addReadWriteAnyDbPrivileges(PrivilegeVector* privileges) {
@@ -402,12 +380,6 @@ void addDbAdminAnyDbPrivileges(PrivilegeVector* privileges) {
privileges, Privilege(ResourcePattern::forClusterResource(), ActionType::listDatabases));
Privilege::addPrivilegeToPrivilegeVector(
privileges, Privilege(ResourcePattern::forAnyNormalResource(), dbAdminRoleActions));
- Privilege::addPrivilegeToPrivilegeVector(
- privileges,
- Privilege(ResourcePattern::forCollectionName("system.indexes"), readRoleActions));
- Privilege::addPrivilegeToPrivilegeVector(
- privileges,
- Privilege(ResourcePattern::forCollectionName("system.namespaces"), readRoleActions));
ActionSet profileActions = readRoleActions;
profileActions.addAction(ActionType::convertToCapped);
profileActions.addAction(ActionType::createCollection);
@@ -509,14 +481,6 @@ void addQueryableBackupPrivileges(PrivilegeVector* privileges) {
privileges, Privilege(ResourcePattern::forDatabaseName("local"), ActionType::find));
Privilege::addPrivilegeToPrivilegeVector(
- privileges,
- Privilege(ResourcePattern::forCollectionName("system.indexes"), ActionType::find));
-
- Privilege::addPrivilegeToPrivilegeVector(
- privileges,
- Privilege(ResourcePattern::forCollectionName("system.namespaces"), ActionType::find));
-
- Privilege::addPrivilegeToPrivilegeVector(
privileges, Privilege(ResourcePattern::forCollectionName("system.js"), ActionType::find));
Privilege::addPrivilegeToPrivilegeVector(
@@ -585,10 +549,6 @@ void addRestorePrivileges(PrivilegeVector* privileges) {
Privilege::addPrivilegeToPrivilegeVector(
privileges, Privilege(ResourcePattern::forCollectionName("system.js"), actions));
- // Need to be able to query system.namespaces to check existing collection options.
- Privilege::addPrivilegeToPrivilegeVector(
- privileges,
- Privilege(ResourcePattern::forCollectionName("system.namespaces"), ActionType::find));
Privilege::addPrivilegeToPrivilegeVector(
privileges, Privilege(ResourcePattern::forAnyResource(), ActionType::listCollections));