summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/mongo/db/auth/role_graph_builtin_roles.cpp10
1 files changed, 8 insertions, 2 deletions
diff --git a/src/mongo/db/auth/role_graph_builtin_roles.cpp b/src/mongo/db/auth/role_graph_builtin_roles.cpp
index f04cb71430a..a057c3d2881 100644
--- a/src/mongo/db/auth/role_graph_builtin_roles.cpp
+++ b/src/mongo/db/auth/role_graph_builtin_roles.cpp
@@ -355,6 +355,12 @@ namespace {
Privilege::addPrivilegeToPrivilegeVector(
privileges,
Privilege(ResourcePattern::forClusterResource(), ActionType::invalidateUserCache));
+
+
+ ActionSet readRoleAndIndexActions;
+ readRoleAndIndexActions += readRoleActions;
+ readRoleAndIndexActions << ActionType::createIndex << ActionType::dropIndex;
+
Privilege::addPrivilegeToPrivilegeVector(
privileges,
Privilege(ResourcePattern::forCollectionName("system.users"),
@@ -363,12 +369,12 @@ namespace {
privileges,
Privilege(ResourcePattern::forExactNamespace(
AuthorizationManager::usersCollectionNamespace),
- readRoleActions));
+ readRoleAndIndexActions));
Privilege::addPrivilegeToPrivilegeVector(
privileges,
Privilege(ResourcePattern::forExactNamespace(
AuthorizationManager::rolesCollectionNamespace),
- readRoleActions));
+ readRoleAndIndexActions));
Privilege::addPrivilegeToPrivilegeVector(
privileges,
Privilege(ResourcePattern::forExactNamespace(
View Lorry Controller Status