First I tried db.eval() for my local mogodb server.It is working fine.I used this example
Then I tried the same thing with MongoLab.But I got this error message.
The error say not authorized to execute command.Can you explain why this error message.thanks
Eval is a powerfull, dangerous and deprecated action that mLab don't give.
In a local mongo db you should create a role:
use admin
db.createRole(
{
role: "dangerEval",
privileges : [
{ resource: {anyResource: true }, actions : ["anyAction"] },
// or this for grant anyAction only on a single db:
{ resource: {db: "myDb", collection: "" }, actions: [ "anyAction" ] }
],
roles: []
}
)
Then you can assign this role to a user:
db.createUser({
user: "temporaneyEvalUser",
pwd: "psw",
roles: [ { role: "dangerEval", db: "myDb" } ]
});
So you have to choose another way to archive your target or change mongo installation.
Related
How to create a mongodb user who can read write but not delete a document.
As mistakes can happen so some people may want to disable delete option for users. which can be achieved using the below tutorial.
It took me few minutes to find so sharing so it may reduce some peoples time in searching.
In order to do that we have to create a role.
Go to admin db
use admin
then execute the below command
db.createRole(
{
role: "customROle",
privileges: [
{ resource: { cluster: true }, actions: [ "addShard" ] },
{ resource: { db: "config", collection: "" }, actions: [ "find", "update", "insert"] },
{ resource: { db: "", collection: "" }, actions: [ "update", "insert", "find" ] }
],
roles: [
{ role: "readWrite", db: "admin" }
]
},
{ w: "majority" , wtimeout: 5000 }
)
Note: You can give a specific db access too and give only read access or something like that.
Then we can add the role to a user by using the below command.
db.createUser(
{ user: "gokul",
pwd: "gokul123",
roles:[{role: "customROle" , db:"admin"}]})
What would be the configuration/command for creating a role which can be applied to a user in MongoDB so that the user is unable to drop a collection?
Check the mongoDB documentation for creating user roles and privileges.
http://docs.mongodb.org/manual/tutorial/manage-users-and-roles/
In general, for a non-admin role, only providing read access will prevent a user from dropping a collection. The code below is taken from the mongo docs and demonstrates access modifications for various collections.
use reporting
db.createUser(
{
user: "reportsUser",
pwd: "12345678",
roles: [
{ role: "read", db: "reporting" },
{ role: "read", db: "products" },
{ role: "read", db: "sales" },
{ role: "readWrite", db: "accounts" }
]
}
)
I am trying to create a new role in mongodb but It is giving me error:
> use Admin
switched to db Admin
> db.createRole( { role: "executeFunctions", privileges: [ { resource: { anyResource: true }, actions: [ "anyAction" ] } ], roles: [] } );
2018-03-13T19:59:25.114+0500 E QUERY [thread1] Error: Roles on the 'Admin' database cannot be granted privileges that target other databases or the cluster :
_getErrorWithCode#src/mongo/shell/utils.js:25:13
DB.prototype.createRole#src/mongo/shell/db.js:1541:1
#(shell):1:1
Some time mongo work with the wrong spell and create the problem later.
So check:
use admin
switched to db admin
> db.createRole( { role: "executeFunctions", privileges: [ { resource: { anyResource: true }, actions: [ "anyAction" ] } ], roles: [] } );
I am struggling with the MongoDB authorization system. I have an application with must execute some very precise defined db.eval() statements. As we all know, this function requires special privileges.
I tried
use admin
db.createRole({ role: "dbEval", privileges: [{ resource: {anyResource: true}, actions: ["anyAction"]}], roles:[ { role: "readWrite", db: "test" }]})
use test
db.createUser({ user: "default", pwd: "default", roles: [ { role: "dbEval", db: "test" }] })
But I get the error message
Error: couldn't add user: No role named dbEval#test
How can I create a user in "admin" and let him allow "dbEval" role to be used in "test"?
Thanks!
What would be the configuration/command for creating a role which can be applied to a user in MongoDB so that the user is unable to drop a collection?
Check the mongoDB documentation for creating user roles and privileges.
http://docs.mongodb.org/manual/tutorial/manage-users-and-roles/
In general, for a non-admin role, only providing read access will prevent a user from dropping a collection. The code below is taken from the mongo docs and demonstrates access modifications for various collections.
use reporting
db.createUser(
{
user: "reportsUser",
pwd: "12345678",
roles: [
{ role: "read", db: "reporting" },
{ role: "read", db: "products" },
{ role: "read", db: "sales" },
{ role: "readWrite", db: "accounts" }
]
}
)