MongoDB: Not authorized on database to execute command eval - mongodb

This is the query i am running:
db.surveyquestion.copyTo('surveyquestionV2')
Error I am getting:
{
"message" : "MongoError: not authorized on GenericSurveyTool to execute command { $eval: function (collName, newName) {\r" +
"var from = db[collName];\r" +
"..., args: [ 'surveyquestion', 'surveyquestionV2' ], $db: 'GenericSurveyTool' }",
"stack" : "script:1:19",
"code" : 13
}
My user in admin db that i am using to run this query:
query: db.getUsers();
/* 2 */
{
"_id" : "admin.moiz",
"user" : "moiz",
"db" : "admin",
"roles" : [
{
"role" : "root",
"db" : "admin"
}
]
}
I have this user with the root role but still i am unable to copy collection. Please help!!

To the people who has the same problem, the solution is in the documentation of db.eval() : just right here
If authorization is enabled, you must have access to all actions on all resources in order to run eval. Providing such access is not recommended, but if your organization requires a user to run eval, create a role that grants anyAction on anyResource. Do not assign this role to any other user.

Related

MongoDB User Is Not Authorized To

In Mongo, I've created a database and created a user specifically for that database. When I type "show users" I get this:
rs0:PRIMARY> show users;
{
"_id" : "sampleuser.sampleuser",
"user" : "sampleuser",
"db" : "sampledb",
"roles" : [
{
"role" : "readWrite",
"db" : "sampledb"
},
{
"role" : "dbAdmin",
"db" : "sampledb"
}
]
}
But when I try to execute a command with that user, I get the following:
not authorized on sampledb to execute command { find: "social_posts", filter: { customer_id: "123", 0: { posted: { $ne: 1 } } } }
What permissions are setup wrong?
You have to use db.auth() to authenticate to the database before executing any query.
From db.auth() doc
db.auth()
Allows a user to authenticate to the database from within the shell.
The db.auth() method can accept:
the username and password.
db.auth( <username>, <password> )
a user document that contains the username and password, and optionally, the authentication mechanism and a digest password flag.
db.auth( {
user: <username>,
pwd: <password>,
mechanism: <authentication mechanism>,
digestPassword: <boolean>
}
Returns: db.auth() returns 0 when authentication is not successful, and 1 when the operation is successful.

cannot authenticate with new user in mongo

> use failsafereports;
> db.createUser({ user : 'readonly', pwd: 'readonly', roles : ['read']})
Successfully added user: { "user" : "readonly", "roles" : [ "read" ] }
> show users;
{
"_id" : "failsafereports.readonly",
"user" : "readonly",
"db" : "failsafereports",
"roles" : [
{
"role" : "read",
"db" : "failsafereports"
}
]
}
> db.auth('readonly','readonly')
Error: 18 { ok: 0.0, errmsg: "auth failed", code: 18 }
0
I am creating a new user.
It shows when I use show users
But when I try to auth, it fails.
any ideas?
I've read around the internet about this problem occurring from the command line, but couldn't find one that happens from mongo shell.

What role is required to allow MongoDB db.collection.aggregate() usage?

I have a user in admin.system.users:
{
"_id" : "admin.reports",
"user" : "reports",
"db" : "admin",
"credentials" : {
"MONGODB-CR" : "hash"
},
"roles" : [
{
"role" : "read",
"db" : "mydb"
}
]
}
And I am attempting to execute this from a bash script:
mongo --quiet mongodb.production.internal/admin -ureports -p"password" <<< "
var conn = connect('localhost/mydb');
db.auth('reports', 'password');
db.Collection.aggregate([
{
\$group: {
_id: '\$itemId',
count: { \$sum: 1 }
}
},
{
\$sort: {
count: 1
}
}
], {cursor: {}}).forEach(function(line) {
print(line._id+','+line.count);
});
"
And I am getting this response from the mongodb instance:
not authorized on admin to execute command { aggregate: (amongst other very verbose but pointless output).
What permission do I need to enable the use of the aggregation command for this user? Can it not be done without enabling write access?
The issue was not with permissions, read is indeed sufficient, but with correctly switching to the right database.
I was using connect() to silently (no output) switch to the working db because the use command throws output. This is incorrect, and the workaround is in how you specify the connection on the command line, ie:
mongo --quiet mongodb.production.internal/mydb --authenticationDatabase admin -ureports -p"password"

db.dropUser("user") returning false when logged in as root

I am logged in with the following:
{
"_id" : "admin.root",
"user" : "root",
"db" : "admin",
"roles" : [
{
"role" : "root",
"db" : "admin"
}
]
}
The following happens:
> use mydb
switched to db mydb
> db.dropUser("mydbReadWrite")
false
I suspect I do not have the roles, I am root?
It was correct, the user was somehow dropped before without notifying me(hmm...). So it returned false as the user did not exist.
may be you need switch to the db that you create the uesr "mydbReadWrite"

Able query only admin database

I just upgraded to 2.6. I run the authSchemaUpgrade. But after that, I managed to remove all users from the database (Its a private small database, so that is nothing too bad). Now I have created a new user admin:
{
"_id" : "admin.admin",
"user" : "admin",
"db" : "admin",
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
}
]
}
After I have db.auth("admin","..") on the admin database I should be able to query any other databases too, but after I do:
user otherDatabase
show collections
I get:
2014-06-09T09:33:36.853+0000 error: {
"$err" : "not authorized for query on otherDatabase.system.namespaces",
"code" : 13
} at src/mongo/shell/query.js:131
What am I missing?
You need to give your admin user the role readWriteAnyDatabase in order to allow that user to query other databases.
You may want to also consider giving your admin user dbAdminAnyDatabase and clusterAdmin roles.