Related
I'm learning MongoDB and trying to use Atlas. I created a remote cluster and tried to connect it using both MongoDB Compass and Studio 3T. However, I noticed that after connecting with Studio 3T, there was an empty database named "test" appearing in the left panel, below "admin" and "local" databases. Where did it come from? And how can I drop it? Because when I tried to drop this database, I got this error
Mongo Server error (MongoCommandException): Command failed with error 8000 (AtlasError): 'user is not allowed to do action [dropDatabase] on [test.]' on server ac-bkmhuxm-shard-00-02.w2nutv2.mongodb.net:27017.
The full response is:
{
"ok" : 0.0,
"errmsg" : "user is not allowed to do action [dropDatabase] on [test.]",
"code" : 8000.0,
"codeName" : "AtlasError"
}
After changing the roles in Atlas, I can now delete the database. However it keeps appearing when I make a new connection to MongoDB. Why is that?
Database test is the default database when you don't define anything.
Databases local, admin and config are MongoDB system internal databases, you should not touch them unless advised by MongoDB support or special admin tasks.
See also 3 default database in MongoDB
I have created a cluster in MongoDB Atlas and can't seem to be able to write data to it.
const uri = "mongodb+srv://myUser:myPass#myDB-4myav.mongodb.net/portfolio";
I have this as my uri to connect to, and every time I try to write to the database, I get this error:
{ MongoError: not authorized on admin to execute command { insert:
"users", documents: [[{name Daniel} {_id
ObjectIdHex("5aa6d7d6396deb25844ccb52")} {__v 0}]], ordered: false }
I have read that I need to create an admin user with the role of "root" but when I connect to my database using the mongo shell and try creating it, I get this:
Error: couldn't add user: not authorized on admin to execute command
So basically I don't have a user that can write to my database.
I've also tried making a user with every role possible on the MongoDB Atlas website (for my cluster of course) and then connecting through the mongo shell with it, but that failed as well.
To summarize: I've made a new cluster on MongoDB Atlas. How do I write data to it?
Thanks in advance, feel free to point out if I'm missing something simple and stupid.
{ MongoError: not authorized on admin to execute command { insert: "users", documents: [[{name Daniel} {_id ObjectIdHex("5aa6d7d6396deb25844ccb52")} {__v 0}]], ordered: false }
This error indicates your code is trying to insert documents into the admin database, which is a system database reserved for user and role information.
In your connection string you intended to use the portfolio database. However, the srv connection string format does not support specifying a database so your option was ignored and the default database of admin was used. You need to select the portfolio database after connecting.
This was also reported in the Mongoose issue tracker (GitHub issue #6106) where a user posted a workaround you could adapt:
mongoose.connection.on('connected', function() {
// Hack the database back to the right one, because when using mongodb+srv as protocol.
if (mongoose.connection.client.s.url.startsWith('mongodb+srv')) {
mongoose.connection.db = mongoose.connection.client.db('portfolio');
}
console.log('Connection to MongoDB established.')
});
mongoose.connect(...);
I have read that I need to create an admin user with the role of "root" but when I connect to my database using the mongo shell and try creating it, I get this:
You need to manage users via MongoDB Atlas rather than the mongo shell. You can create a user account with the "Read and write to any database" role (or more refined privileges using Advanced Options).
You need to create a user with root role from Mongo Shell,
use admin
db.createUser(
{
user: "admin",
pwd: "password",
roles: [ { role: "root", db: "admin" } ]
}
);
exit;
or you need to add new user through atlas(refer below snapshot)
Goto Clusters
click Security
Click ADD NEW USER
type username
create Password based on SCRAM-SHA1 method
choose ROLE Atlas admin
click Add User
After created user, goto Clusters-->OverView --> CONNECT
Verify the IP Whitelist
Choose a connection method:
Connect with Mongo Shell (I am choosing)
Connect your Application
Connect with MongoDB Compass
$ mongo "mongodb+srv://project-u-s3cgp.azure.mongodb.net/test" --username dbAdmin
MongoDB shell version v3.6.1
Enter password:
connecting to: mongodb+srv://project-u-s3cgp.azure.mongodb.net/test
.........
.........
MongoDB Enterprise project-U-shard-0:PRIMARY>db.user.insert({name:"Daniel"})
WriteResult({ "nInserted" : 1 })
MongoDB Enterprise O2Ci-U-shard-0:PRIMARY>
I hope, you can able to insert the record after creation of root user.
Thanks,
Karthick
I am trying to add authorization to my MongoDB.
I am doing all this on Linux with MongoDB 2.6.1.
My mongod.conf file is in the old compatibility format
(this is how it came with the installation).
1) I created admin user as described here in (3)
http://docs.mongodb.org/manual/tutorial/add-user-administrator/
2) I then edited mongod.conf by uncommenting this line
auth = true
3) Finally I rebooted the mongod service and I tried to login with:
/usr/bin/mongo localhost:27017/admin -u sa -p pwd
4) I can connect but it says this upon connect.
MongoDB shell version: 2.6.1
connecting to: localhost:27017/admin
Welcome to the MongoDB shell!
The current date/time is: Thu May 29 2014 17:47:16 GMT-0400 (EDT)
Error while trying to show server startup warnings: not authorized on admin to execute command { getLog: "startupWarnings" }
5) Now it seems this sa user I created has no permissions at all.
root#test02:~# mc
MongoDB shell version: 2.6.1
connecting to: localhost:27017/admin
Welcome to the MongoDB shell!
The current date/time is: Thu May 29 2014 17:57:03 GMT-0400 (EDT)
Error while trying to show server startup warnings: not authorized on admin to execute command { getLog: "startupWarnings" }
[admin] 2014-05-29 17:57:03.011 >>> use admin
switched to db admin
[admin] 2014-05-29 17:57:07.889 >>> show collections
2014-05-29T17:57:10.377-0400 error: {
"$err" : "not authorized for query on admin.system.namespaces",
"code" : 13
} at src/mongo/shell/query.js:131
[admin] 2014-05-29 17:57:10.378 >>> use test
switched to db test
[test] 2014-05-29 17:57:13.466 >>> show collections
2014-05-29T17:57:15.930-0400 error: {
"$err" : "not authorized for query on test.system.namespaces",
"code" : 13
} at src/mongo/shell/query.js:131
[test] 2014-05-29 17:57:15.931 >>>
What is the problem? I repeated this whole procedure 3 times and
I think I did it all as specified in the MongoDB docs. But it doesn't work.
I was expecting this sa user to be authorized to do anything so that
he can then create other users and give them more specific permissions.
I was also scratching my head around the same issue, and everything worked after I set the role to be root when adding the first admin user.
use admin
db.createUser(
{
user: 'admin',
pwd: 'password',
roles: [ { role: 'root', db: 'admin' } ]
}
);
exit;
If you have already created the admin user, you can change the role like this:
use admin;
db.grantRolesToUser('admin', [{ role: 'root', db: 'admin' }])
For a complete authentication setting reference, see the steps I've compiled after hours of research over the internet.
It's a bit confusing - I believe you will need to grant yourself readWrite to query a database. A user with dbadmin or useradmin can admin the database (including granting yourself additional rights) but cannot perform queries or write data.
so grant yourself readWrite and you should be fine -
http://docs.mongodb.org/manual/reference/built-in-roles/#readWrite
Perhaps a quick example of how to change a current user will be helpful to somebody. This is what I was actually looking for.
Following advice of #JohnPetrone I added readWrite role to my admin user with grantRolesToUser
> use admin
> db.grantRolesToUser("admin",["readWrite"])
> show collections
system.users
system.version
You can try: Using the --authenticationDatabase flag helps.
mongo --port 27017 -u "admin" -p "password" --authenticationDatabase "admin"
I know this answer is coming really late on in this thread but I hope you check it out.
The reason you get that error is based on the specific role that you granted to the user, which you have gathered by now, and yes giving that user the role root will solve your problem but you must first understand what these roles do exactly before granting them to users.
In tutorial you granted the user the userAdminAnyDatabase role which basically give the user the ability to manage users of all your databases.
What you were trying to do with your user was outside its role definition.
The root role has this role included in it definition as well as the readWriteAnyDatabase, dbAdminAnyDatabase and other roles making it a superuser (basically because you can do anything with it).
You can check out the role definitions to see which roles you will need to give you users to complete certain tasks.
https://docs.mongodb.com/manual/reference/built-in-roles/
Its not advisable to make all your users super ones :)
It's a simple question.
It's important that you must switch the target db NOT admin.
use yourDB
check your db authentication by
show users
If you get a {} empty object that is the question. You just need to type
db.createUser(
{
user: "yourUser",
pwd: "password",
roles: [ "readWrite", "dbAdmin" ]
} )
or
db.grantRolesToUser('yourUser',[{ role: "dbAdmin", db: "yourDB" }])
I had this problem because of the hostname in my MongoDB Compass was pointing to admin instead for my project. Fixed by adding the /projectname after the hostname :)
Try this:
Choose your project in the MongoDB atlas website
Connect/Connect with MongoDB Compass
Download Compass/Choose your OS
I used Compass 1.12 or later
Copy the connection string under the Compass 1.12 or later.
Open MongoDB Compass/Connect(top left)/Connect To
Connection String detected/Yes/
Append your project name after the hostname: cluster9-foodie.mongodb.net/projectname
Connect & Tested the API with POSTMAN.
Succeed.
Use the same connection string in your code too:
Before:
mongodb+srv://projectname:password#cluster9-foodie.mongodb.net/admin
After:
mongodb+srv://projectname:password#cluster9-foodie.mongodb.net/projectname
Good luck.
Use Admin :
use admin
Create a super user :
db.createUser(
{
user: "master",
pwd: "test#123",
roles: [
{
role: "readWriteAnyDatabase",
db: "admin"
},
{
"role" : "dbAdminAnyDatabase",
"db" : "admin"
},
{
"role" : "clusterAdmin",
"db" : "admin"
},
"userAdminAnyDatabase"
]
}
)
If you're using Atlas, note that you can't create users through the mongo shell.
I was banging my head against the wall for a while till I came across this:
https://www.mongodb.com/community/forums/t/cant-create-a-root-user-from-mongo-shell/101369
I came across this thread with a similar issue, but my problem was that I used the collection name instead of the database name.
I had a similar problem here on a Windows environment: I have installed Bitnami DreamFactory and it also installs another MongoDb that is started on system boot. I was running my MongoDbService (that was started without any error) but I noticed after losing a lot of time that I was in fact connecting on Bitnami's MongoDb Service. Please, take a look if there is not another instance of mongoDB running on your server.
Good Luck!
In addition, notice that if your mongo shell client fails to connect correctly to the mongod instance, you can receive such "Permission Denied" errors.
Make sure that your client opens a connection by checking the connection port, but also that the port you are using in mongod is not in use. You can set a different port by using the --port <port> parameter in both the shell and the process.
use mydb
db.createUser( { user: "test", pwd: "secret", roles: [ "readWrite", "dbAdmin"],passwordDigestor:"server" } )
Agreed that you've to get authenticated to admin db and needs at least a role with correct privileges which would avoid 'local host exception' from DB(this is for mongoDB's hosted on-premises), though you've everything in place & still getting not authorized exceptions on almost every command, while accessing mongoDB which got created using Mongo Atlas, then here is the place where you might know the reason, why :
https://dba.stackexchange.com/questions/219003/not-authorized-on-admin-to-execute-command-mongodb-atlas-m0-free-tier-cluster?newreg=471a9a26108243d78d4ca74a87e7a115
and also check this if you've hosted mongoDB on mongo Atlas:
https://docs.atlas.mongodb.com/unsupported-commands/
I followed these steps on Centos 7 for MongoDB 4.2. (Remote user)
Update mongod.conf file
vi /etc/mongod.conf
net:
port: 27017
bindIp: 0.0.0.0
security:
authorization: enabled
Start MongoDB service demon
systemctl start mongod
Open MongoDB shell
mongo
Execute this command on the shell
use admin
db.createUser(
{
user: 'admin',
pwd: 'YouPassforUser',
roles: [ { role: 'root', db: 'admin' } ]
}
);
Remote root user has been created. Now you can test this database connection by using any MongoDB GUI tool from your dev machine. Like Robo 3T
For MongoDB shell version v4.2.8 I've tried different ways to back-up my database with auth, my winner solution is
mongodump -h <your_hostname> -d <your_db_name> -u <your_db_username> -p <your_db_password> --authenticationDatabase admin -o /path/to/where/i/want
This may be because you havent set noAuth=true in mongodb.conf
# Turn on/off security. Off is currently the default
noauth = true
#auth = true
After setting this restart the service using
service mongod restart
I saw a note somewhere to the effect that Meteor does not support oplog tailing in the newest version of Mongo. What is the latest version of Mongo that I can safely use with Meteor if I want oplog tailing?
I need oplog tailing because I plan to write to my Meteor database from an external Python process. I would like to use MongoDB 2.6.5 because it has support for bulk writes, which dramatically speeds up my system.
Also, if I do use Mongo 2.6.5 and oplog tailing is unavailable, will my database writes appear after the 10 second polling delay, which I think was the behavior before oplog tailing was introduced.
Officially MongoDB 2.6 isn't supported. It is possible to enable oplog tailing with Mongo 2.6 but the process is different given the new authentication system with Mongo 2.6
This is just a guideline, I'm not absolutely certain this will work for you, but it will give you a bit of direction. You need admin permissions to do this so ensure that you can with the user you're using to log in.
Enable oplog tailing
Additionally you need a replica set. In the case of a single mongodb db you need a single set replica: (Better info on that here: https://gentlenode.com/journal/meteor-10-set-up-oplog-tailing-on-ubuntu/17)
Create a user that Meteor can access
Here is where you may run into problems
1) First create a user oplogger (http://docs.mongodb.org/manual/reference/method/db.createUser/).
2) Create an oplogger role
db.runCommand({ createRole: "oplogger", privileges: [ { resource: {
db: 'local', collection: 'system.replset'}, actions: ['find']}, ],
roles: [{role: 'read', db: 'local'}] })
3) Grant this role to your user
db.runCommand({ grantRolesToUser: 'oplogger', roles: ['oplogger']})
Then you can use the MONGO_OPLOG_URL environment variable with ?authSource=local at the end of the mongo url to enable oplog tailing on your meteor app.
Other helpful links:
https://github.com/meteor/meteor/issues/2036
Meteor oplog for Mongo 2.6
Again i'm not sure the commands will work exactly as they are. I remember doing this a couple of times but there was some tweaking required and mongo was quite stubborn when it came to granting the roles.
But all in all I've been using oplog tailing with Mongo 2.6/Meteor 1.0 without any issues so far.
Also, yes, if you insert a document directly into MongoDB there will be a max of a 10 second delay without oplog tailing.
I am trying to add authorization to my MongoDB.
I am doing all this on Linux with MongoDB 2.6.1.
My mongod.conf file is in the old compatibility format
(this is how it came with the installation).
1) I created admin user as described here in (3)
http://docs.mongodb.org/manual/tutorial/add-user-administrator/
2) I then edited mongod.conf by uncommenting this line
auth = true
3) Finally I rebooted the mongod service and I tried to login with:
/usr/bin/mongo localhost:27017/admin -u sa -p pwd
4) I can connect but it says this upon connect.
MongoDB shell version: 2.6.1
connecting to: localhost:27017/admin
Welcome to the MongoDB shell!
The current date/time is: Thu May 29 2014 17:47:16 GMT-0400 (EDT)
Error while trying to show server startup warnings: not authorized on admin to execute command { getLog: "startupWarnings" }
5) Now it seems this sa user I created has no permissions at all.
root#test02:~# mc
MongoDB shell version: 2.6.1
connecting to: localhost:27017/admin
Welcome to the MongoDB shell!
The current date/time is: Thu May 29 2014 17:57:03 GMT-0400 (EDT)
Error while trying to show server startup warnings: not authorized on admin to execute command { getLog: "startupWarnings" }
[admin] 2014-05-29 17:57:03.011 >>> use admin
switched to db admin
[admin] 2014-05-29 17:57:07.889 >>> show collections
2014-05-29T17:57:10.377-0400 error: {
"$err" : "not authorized for query on admin.system.namespaces",
"code" : 13
} at src/mongo/shell/query.js:131
[admin] 2014-05-29 17:57:10.378 >>> use test
switched to db test
[test] 2014-05-29 17:57:13.466 >>> show collections
2014-05-29T17:57:15.930-0400 error: {
"$err" : "not authorized for query on test.system.namespaces",
"code" : 13
} at src/mongo/shell/query.js:131
[test] 2014-05-29 17:57:15.931 >>>
What is the problem? I repeated this whole procedure 3 times and
I think I did it all as specified in the MongoDB docs. But it doesn't work.
I was expecting this sa user to be authorized to do anything so that
he can then create other users and give them more specific permissions.
I was also scratching my head around the same issue, and everything worked after I set the role to be root when adding the first admin user.
use admin
db.createUser(
{
user: 'admin',
pwd: 'password',
roles: [ { role: 'root', db: 'admin' } ]
}
);
exit;
If you have already created the admin user, you can change the role like this:
use admin;
db.grantRolesToUser('admin', [{ role: 'root', db: 'admin' }])
For a complete authentication setting reference, see the steps I've compiled after hours of research over the internet.
It's a bit confusing - I believe you will need to grant yourself readWrite to query a database. A user with dbadmin or useradmin can admin the database (including granting yourself additional rights) but cannot perform queries or write data.
so grant yourself readWrite and you should be fine -
http://docs.mongodb.org/manual/reference/built-in-roles/#readWrite
Perhaps a quick example of how to change a current user will be helpful to somebody. This is what I was actually looking for.
Following advice of #JohnPetrone I added readWrite role to my admin user with grantRolesToUser
> use admin
> db.grantRolesToUser("admin",["readWrite"])
> show collections
system.users
system.version
You can try: Using the --authenticationDatabase flag helps.
mongo --port 27017 -u "admin" -p "password" --authenticationDatabase "admin"
I know this answer is coming really late on in this thread but I hope you check it out.
The reason you get that error is based on the specific role that you granted to the user, which you have gathered by now, and yes giving that user the role root will solve your problem but you must first understand what these roles do exactly before granting them to users.
In tutorial you granted the user the userAdminAnyDatabase role which basically give the user the ability to manage users of all your databases.
What you were trying to do with your user was outside its role definition.
The root role has this role included in it definition as well as the readWriteAnyDatabase, dbAdminAnyDatabase and other roles making it a superuser (basically because you can do anything with it).
You can check out the role definitions to see which roles you will need to give you users to complete certain tasks.
https://docs.mongodb.com/manual/reference/built-in-roles/
Its not advisable to make all your users super ones :)
It's a simple question.
It's important that you must switch the target db NOT admin.
use yourDB
check your db authentication by
show users
If you get a {} empty object that is the question. You just need to type
db.createUser(
{
user: "yourUser",
pwd: "password",
roles: [ "readWrite", "dbAdmin" ]
} )
or
db.grantRolesToUser('yourUser',[{ role: "dbAdmin", db: "yourDB" }])
If you're using Atlas, note that you can't create users through the mongo shell.
I was banging my head against the wall for a while till I came across this:
https://www.mongodb.com/community/forums/t/cant-create-a-root-user-from-mongo-shell/101369
I had this problem because of the hostname in my MongoDB Compass was pointing to admin instead for my project. Fixed by adding the /projectname after the hostname :)
Try this:
Choose your project in the MongoDB atlas website
Connect/Connect with MongoDB Compass
Download Compass/Choose your OS
I used Compass 1.12 or later
Copy the connection string under the Compass 1.12 or later.
Open MongoDB Compass/Connect(top left)/Connect To
Connection String detected/Yes/
Append your project name after the hostname: cluster9-foodie.mongodb.net/projectname
Connect & Tested the API with POSTMAN.
Succeed.
Use the same connection string in your code too:
Before:
mongodb+srv://projectname:password#cluster9-foodie.mongodb.net/admin
After:
mongodb+srv://projectname:password#cluster9-foodie.mongodb.net/projectname
Good luck.
Use Admin :
use admin
Create a super user :
db.createUser(
{
user: "master",
pwd: "test#123",
roles: [
{
role: "readWriteAnyDatabase",
db: "admin"
},
{
"role" : "dbAdminAnyDatabase",
"db" : "admin"
},
{
"role" : "clusterAdmin",
"db" : "admin"
},
"userAdminAnyDatabase"
]
}
)
I came across this thread with a similar issue, but my problem was that I used the collection name instead of the database name.
I had a similar problem here on a Windows environment: I have installed Bitnami DreamFactory and it also installs another MongoDb that is started on system boot. I was running my MongoDbService (that was started without any error) but I noticed after losing a lot of time that I was in fact connecting on Bitnami's MongoDb Service. Please, take a look if there is not another instance of mongoDB running on your server.
Good Luck!
In addition, notice that if your mongo shell client fails to connect correctly to the mongod instance, you can receive such "Permission Denied" errors.
Make sure that your client opens a connection by checking the connection port, but also that the port you are using in mongod is not in use. You can set a different port by using the --port <port> parameter in both the shell and the process.
use mydb
db.createUser( { user: "test", pwd: "secret", roles: [ "readWrite", "dbAdmin"],passwordDigestor:"server" } )
Agreed that you've to get authenticated to admin db and needs at least a role with correct privileges which would avoid 'local host exception' from DB(this is for mongoDB's hosted on-premises), though you've everything in place & still getting not authorized exceptions on almost every command, while accessing mongoDB which got created using Mongo Atlas, then here is the place where you might know the reason, why :
https://dba.stackexchange.com/questions/219003/not-authorized-on-admin-to-execute-command-mongodb-atlas-m0-free-tier-cluster?newreg=471a9a26108243d78d4ca74a87e7a115
and also check this if you've hosted mongoDB on mongo Atlas:
https://docs.atlas.mongodb.com/unsupported-commands/
I followed these steps on Centos 7 for MongoDB 4.2. (Remote user)
Update mongod.conf file
vi /etc/mongod.conf
net:
port: 27017
bindIp: 0.0.0.0
security:
authorization: enabled
Start MongoDB service demon
systemctl start mongod
Open MongoDB shell
mongo
Execute this command on the shell
use admin
db.createUser(
{
user: 'admin',
pwd: 'YouPassforUser',
roles: [ { role: 'root', db: 'admin' } ]
}
);
Remote root user has been created. Now you can test this database connection by using any MongoDB GUI tool from your dev machine. Like Robo 3T
For MongoDB shell version v4.2.8 I've tried different ways to back-up my database with auth, my winner solution is
mongodump -h <your_hostname> -d <your_db_name> -u <your_db_username> -p <your_db_password> --authenticationDatabase admin -o /path/to/where/i/want
This may be because you havent set noAuth=true in mongodb.conf
# Turn on/off security. Off is currently the default
noauth = true
#auth = true
After setting this restart the service using
service mongod restart