MongoDB - readWriteAnyDatabase role not working - mongodb

I have a user with a readWriteAnyDatabase role but still it cannot list the collections in a db I have named ops.
I have another user with a root role and he succeed to list the collections.
What can be the cause?
The error I am getting: Not authorized to execute command: listCollections...
using mongodb: 3.4.7
I have 2 dbs:
admin
ops
I try to view the collections in ops

Can you login to the mongo shell as admin and run db.getUser("xxx") (where xxx is the username in question) and show the output.
Also, can you verify that you are in fact authenticating as this user in question. How are you testing this via the mongo shell?
Another test, login to the mongo shell as admin, then run db.auth("xxx", "passwordForXXX").

Related

MongoDB 2.6.12 - no collections in DB

I have a some problem with MongoDB (2.6.12). I have one database with collections and a lot of data. Then I created user with readWrite role, enabled auth=true in mongod.conf, restarted 'mongod' service.
Looks like auth works fine, but I can't see any data/collections in DB. I can't use 'find' query, in mongo shell it just returns nothing (empty line). I also can connect to DB without credentials and I see the same result.
I've tried a different roles and different users, but I can't get access to my data. What can be a problem?
OK!
When you login, you need to use --authenticationDatabase -parameter, normal value for that is 'admin'.
mongo host:port -u user -p password --authenticationDatabase admin
If authentication database is not same database where your collection is (your collection is not at admin-database) give that database name as last parameter at 'mongo'-command, to select that DB.
mongo host:port -u user -p password --authenticationDatabase admin myOwnDB
OR
after successful login, use command: 'use your_db_name', to change that database.
use myOwnDB
IF you don't know your database name.
When you have login successful, give command 'show dbs' to list all databases.
show dbs
After that you can use command 'use db_name' to change database. Then you can use command 'show collections' to list all collections on that database.
use myOwnDB
show collections

Root user can't connect to any database with MongoDB

I'm using MongoDB with Docker and want to automate the database creation.
I found that when passing MONGO_INITDB_ROOT_USERNAME and MONGO_INITDB_ROOT_PASSWORD environment variables to the docker run command I can create a new root user on the admin database.
My issue starts when I'm trying to create a new database and create collections in it.
I wrote a script that selects the admin database, authenticate into the mongo service and creates new db, but for some reasons I can not access the database with my credentials..
use admin;
db.auth('myuser', 'mypassword');
use newDatabase;
db.createCollection('newCol');
when trying to authenticate to newDatabase with the given credentials (myuser and mypassword) I found that I do not have the needed permissions to the db.
What did I do wrong? How can I do it automatically anyway?
I just understood that the root cannot access the other databases for some reasons, so I used db.createUser and created a new user just for the new database.

Why is db.auth() only working after selecting a particular database?

Right after I launch mongo, running
db.auth("admin", "myGreatPassword")
returns 0. But doing this:
use admin
db.auth("admin", "myGreatPassword")
returns 1.
I find this strange because the admin user has root privileges and can access all databases and do anything.
What could be the reason for the above behavior? Why do I need to first select a particular database, in this case admin, to log in?
With mongodb you authenticate against a particular database: that database contains the collections that define the users and their roles. That user may then be authorised to do things on multiple databases, but the act of logging in happens against a specific database.
When using the command line tools this is the --authenticationDatabase option, in the mongo shell the authentication commands run against the current database.

MMS MongoDB OpLog user

I have created MongoDB deployment (replica set) using MMS Portal. I have enabled authentication in MMS portal, so that DB can be only accessed by providing credentials.
In MMS portal I don't find any option to assign oplog permission to user.
So, how can I create User with OpLog permission?
Background
Before posting this question I have searched for for the same, and found following link.
How to access to oplog MongoDB (MMS replica set)
Solution in above link is to create roles. But am not sure about this approach because, in MMS portal I can see many build-in roles but in admin database there is no system.roles collection!
INFO MongoDB version is 3.0.3
Here is how I added user with oplog access for MongoDB Replication set deployed via MMS.
In MMS Portal
Click Deployment -> MongoDB Users menu.
Click ADD USERS button.
In the form type database as admin, type preferred username & password, in roles enter root#admin (You can choose other roles as well which has create users privilege)
Now we have to login via mongo console.
mongo <domain.name>:<port>/admin -u <just_created_user> -p
Once inside mongo console type following command to create user with access to oplog
db.createUser({user: "oplogUser", pwd: "PASSWORD", roles: [{role: "read", db: "local"}]})
Now we can access oplog using following URL
mongodb://oplogUser:PASSWORD#<domain.name>:<port>/local?authSource=admin

MongoDB authenticating as superuser always fails

I have a fresh MongoDB 2.4.7 installation. I run commands below in first run:
db.getSiblingDB('admin').addUser({
user: 'root',
pwd: 'root',
roles:['userAdminAnyDatabase', 'dbAdminAnyDatabase']
});
After restarting mongod using --auth, running db.auth('root', 'root') on any dbs fails including admin db.
How can i fix it to have a super user (root access) and add other users for dbs?
You need to authenticate against the admin database and the MongoDB documentation recommend to use this user only to create new users and give appropriated permissions. But if you want to have a super user, also add the role readWriteAnyDatabase.