From 490ffed0e9aaad65ff421a3e620d8eee7e68b686 Mon Sep 17 00:00:00 2001 From: Spencer T Brody Date: Wed, 6 Nov 2013 18:33:28 -0500 Subject: Make sure cluster roles have access to system collections in config db --- src/mongo/db/auth/role_graph_builtin_roles.cpp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'src/mongo/db/auth/role_graph_builtin_roles.cpp') diff --git a/src/mongo/db/auth/role_graph_builtin_roles.cpp b/src/mongo/db/auth/role_graph_builtin_roles.cpp index e66bb4781c1..9e59bcb9ace 100644 --- a/src/mongo/db/auth/role_graph_builtin_roles.cpp +++ b/src/mongo/db/auth/role_graph_builtin_roles.cpp @@ -410,9 +410,10 @@ namespace { privileges, Privilege(ResourcePattern::forAnyNormalResource(), clusterMonitorRoleDatabaseActions)); + addReadOnlyDbPrivileges(privileges, "config"); Privilege::addPrivilegeToPrivilegeVector( privileges, - Privilege(ResourcePattern::forDatabaseName("config"), readRoleActions)); + Privilege(ResourcePattern::forCollectionName("system.profile"), ActionType::find)); } void addHostManagerPrivileges(PrivilegeVector* privileges) { @@ -433,9 +434,8 @@ namespace { privileges, Privilege(ResourcePattern::forAnyNormalResource(), clusterManagerRoleDatabaseActions)); - Privilege::addPrivilegeToPrivilegeVector( - privileges, - Privilege(ResourcePattern::forDatabaseName("config"), readRoleActions)); + addReadOnlyDbPrivileges(privileges, "config"); + ActionSet configSettingsActions; configSettingsActions << ActionType::insert << ActionType::update << ActionType::remove; Privilege::addPrivilegeToPrivilegeVector( -- cgit v1.2.1
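Review bot: The `Privilege(ResourcePattern::forCollectionName("system.profile"), ActionType::find)` added in the first hunk (addClusterMonitorPrivileges) does not appear to be limited to the config database; as far as I can tell `forCollectionName` matches that collection name in every database, which is broader than the commit subject's "system collections in config db". Profiler collections record the operations clients ran, so this is a cluster-wide read grant on potentially sensitive data and should be a deliberate choice. If it is intended, say so at the call site with `// find on system.profile in every database, for profiler monitoring`; if only config was meant, scope it with `ResourcePattern::forExactNamespace(NamespaceString("config", "system.profile"))`. Both hunks also rely on `addReadOnlyDbPrivileges`, whose body is outside this diff, so which config system collections it actually covers cannot be confirmed here, and both function bodies start above their hunks.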