BugZero | MongoDB BugID 94896 - Secondaries are not keeping their role graphs up-t...

OPERATIONAL DEFECT DATABASE

...

BugZero | MongoDB BugID 94896 - Secondaries are not keeping their role graphs up-t...

MongoDB - Defect ID: 94896

Secondaries are not keeping their role graphs up-to-date when admin.system.roles is updated.

MongoDB - Defect ID: 94896

Secondaries are not keeping their role graphs up-to-date when admin.system.roles is updated.

Last updated on July 11th, 2016

BugZero Risk Score
6.2 Medium

Overall: 6.2

Severity: 6.4

Community: 5.5

Lifecycle: 9.1

What is the BugZero Risk Score?

MongoDB Integration

Learn more about where this data comes from

MongoDB Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Bug Details

Priority: Major - P3
Status: Closed

Description

Info

Secondaries and slaves are intended to use the logOp() hook to keep their role graphs up-to-date with replicated changes to the admin.system.roles collection. Unfortunately, secondaries and slaves are bypassing this hook during apply-ops in favor of directly calling one of the hook methods invoked by logOp(). Proposed fix is to ensure that secondaries and slaves call logOp() just like primaries do, though they may decide to run different hook functions than the primary.

Top User Comments

auto commented on Wed, 23 Oct 2013 21:07:46 +0000: Author: {u'username': u'andy10gen', u'name': u'Andy Schwerin', u'email': u'schwerin@10gen.com'} Message: SERVER-11275 Fix build for old GCCs. Branch: master https://github.com/mongodb/mongo/commit/13962a0f8ebbaf0de9db9c10ed4da9aaf607f070 auto commented on Wed, 23 Oct 2013 20:22:52 +0000: Author: {u'username': u'andy10gen', u'name': u'Andy Schwerin', u'email': u'schwerin@10gen.com'} Message: SERVER-11275 Apply relevant oplog entries to authorization manager. Also, reinitialize the AuthorizationManager's data structures after replication initial sync. Branch: master https://github.com/mongodb/mongo/commit/74cdecee315cacadb46d5fe170ce392fb32f3df1 auto commented on Tue, 22 Oct 2013 19:42:18 +0000: Author: {u'username': u'andy10gen', u'name': u'Andy Schwerin', u'email': u'schwerin@10gen.com'} Message: SERVER-11275 Remove some uses of integer literals in oplog code. Branch: master https://github.com/mongodb/mongo/commit/f978484e16c20de3b93c62d46fc3f2fe7e9a1c02

Steps to Reproduce

Start a fresh replicaset with two members, with or without auth enabled. Use the createRole command to create a role r1 on the primary. db.runCommand({createRole: "r1", roles: [], privileges: []}) Look in admin.system.roles on the secondary, to show that the role data is been replicated. db.getSiblingDB("admin").system.roles.find() Run the rolesInfo command on the secondary. It will not have information about the role. db.runCommand({rolesInfo: "r1"}) Expected output: { "roles" : [ { "role" : "r1", "db" : "test", "roles" : [ ], "indirectRoles" : [ ], "privileges" : [ ] } ], "ok" : 1 } Actual output: { "roles" : [ ], "ok" : 1 }

Change history

2025-03-21 Added: 2.5.3

Links

Relevant Products

Click on a version to see all relevant bugs

Affected versions:2.5.3

Fixed versions: 2.5.4

Relevant Products

Click on a version to see all relevant bugs

Affected versions:2.5.3

Fixed versions: 2.5.4

Top MongoDB Defects

6.9Defect ID: 3167026
$merge corrupts field order in some cases on insert.
5.8Defect ID: 3151087
Update the on enterprise-rhel-8-arm64 to a medium sized variant
5.7Defect ID: 3148068
Exclude timeseries_bucket_index from multiversion tests
5.5Defect ID: 3149540
[v8.0] Time-series inserts can invariant on valid OpId
5.5Defect ID: 3154444
Fix db_s_config_server_test remote test compatibility

MongoDB Integration

Learn more about where this data comes from

MongoDB Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Ready to prevent the next vendor outage?

Get a demo

OPERATIONAL DEFECT DATABASE

MongoDB - Defect ID: 94896

Secondaries are not keeping their role graphs up-to-date when admin.system.roles is updated.

MongoDB - Defect ID: 94896

Secondaries are not keeping their role graphs up-to-date when admin.system.roles is updated.

Last updated on July 11th, 2016

BugZero Risk Score6.2 Medium

Bug Details

Info

Top User Comments

Steps to Reproduce

Links

Top MongoDB Defects

Ready to prevent the next vendor outage?

BugZero Risk Score
6.2 Medium