I have created a new user and mapped to the old role which role is having all the update permission but still, i'm getting access denied error in Marklogic, I'm trying to update the document through XCC connector
XCC version : 7.0.1
Marklogic Version : 10.0.2
Error:
Caused by: com.app.connector.AppException: com.marklogic.xcc.exceptions.XQueryException: ERR_ACCESSDENIED (perm:error): Access denied for user XCC_BASIC to $author/basic/create-tag elementID: 0
[Session: user=admin-user, cb=App [ContentSource: user=admin-user, cb=App [provider: address=mldev.com.web/xx.xx.xx.xx:8017, pool=1/64]]]
[Client: XCC/7.0-1, Server: XDBC/10.0-2.1]
in /lib/permission.xqy, on line 1845
expr: ,
in assert-access("$au/basic/create-tag", "0")
in /lib/permission.xqy, on line 1849
expr: ,
in perm:assert-access("$au/basic/create-tag")
in /lib/data.xqy, on line 7689
expr: ,
in data:create-tag(xs:anyURI("/test.xml"), "Admin_09_Convert", "Autocreated by Admin before run Converter query")
on line 4
I am using MongoDB with a replica set. When I am trying to create a metricbeat MongoDB module am not sure How to give a URL. I don't understand how to solve it. when uncommenting the ssl.verification_mode: 'none' then getting "no reachable servers error". if you comment the ssl.verification_mode: 'none' then getting saslcontinue.mechanism error.
metricbeat version: 7.11.1
MongoDB: 5.0
#ssl.verification_mode: 'none' mongodb/mongodb.go:98 Error establishing direct connection to mongo node at [ip:27017]. Error
output: server returned error on SASL authentication step: BSON field
'saslContinue.mechanism' is an unknown field. module/wrapper.go:259
Error fetching data for metric set mongodb.status: error creating new
Session: server returned error on SASL authentication step: BSON field
'saslContinue.mechanism' is an unknown field.
ssl.verification_mode: 'none':
"error": { "message": "error creating new Session: no reachable
servers"
I have a MongoDB cluster running MongoDB 3.4.14 in MongoDB Atlas. My application is successfully connected with this cluster and can read and write. I can connect with the shell to this cluster also.
When I try to connect with Studio3t (Version 2018.2.5) everything works fine as well. But when I try to view an available collection I get the following error:
Failed to retrieve documents
[somedatabase.somecollection#SomeCluster [replica set]] Database error!
Stacktrace:
|_/ java.lang.Exception: [somedatabase.somecollection#SomeCluster [replica
set]] Database error!
|____/ Mongo Server error (MongoQueryException): Query failed with error code 59 and error message 'command not found' on server cluster0-shard-00-00-*****.mongodb.net:27017
I'm not sure if this is a problem with the cluster configuration or with Studio3t itself.
If I can provide you with more information that would help to solve the problem just let me know.
I'm trying to set password for mongodb to prevent access to db with empty login and pass (set by default).
I'm statring mongo server:
sudo ./mongod
Starting client:
./mongo
Setting password:
use admin
db.addUser("root", "root")
exit
The output is:
MongoDB shell version: 2.2.0
connecting to: test
> use admin
switched to db admin
> db.addUser("root", "root")
{
"user" : "root",
"readOnly" : false,
"pwd" : "2a8025f0885adad5a8ce0044070032b3",
"_id" : ObjectId("50c90b94e28c41a388104f64")
}
> exit
Hoever, wheh I try to auth with empty credentials (I use mViever admin UI), it still works. Otherwise, access with root/root is not avialable. What I'm doing wrong?
Also tried to start mongo server with -auth parameter, the same result:
./mongod -auth
UPD: After starting with -auth parameter can't login with any pass. Getting:
Thu Dec 13 03:27:38 uncaught exception: error {
"$err" : "unauthorized db:admin ns:admin.system.users lock type:1 client:127.0.0.1",
"code" : 10057
}
Update: I dont know what's goin on...
> db.auth("root","root");
1
> ^C
bye
It can login. Let's restart ./mongod --auth and ./mongo:
MacBook-Pro-Ilya:bin ilyarusanen$ ./mongo
MongoDB shell version: 2.2.2
connecting to: test
> db.auth("root","root")
Error: { errmsg: "auth fails", ok: 0.0 }
0
> db.test.insert({"yeah":"2342"})
Fri Dec 14 08:52:05 uncaught exception: getlasterror failed: { "errmsg" : "need to login", "ok" : 0 }
> use admin
switched to db admin
> db.addUser("root","root")
Fri Dec 14 08:52:14 uncaught exception: error {
"$err" : "unauthorized db:admin ns:admin.system.users lock type:1 client:127.0.0.1",
"code" : 10057
}
> db.auth("root","root")
1
Why at first it can login? Why after restarting mongo is not able to login? And why after FAILED attempt to addUser, it becomes able to login? Thanks.
UPDATE2: MongoHub seems to auth ok. However, from NodeJS I still can't login: I use such code:
mongo_db.open(function(err,data){
if(data){
data.authenticate("root", "root",function(err2,data2){
if(data2){
console.log("Database opened");
}
else{
console.log(err2);
}
});
} else {
console.log(err);
}
});
And I get:
{ [MongoError: auth fails] name: 'MongoError', errmsg: 'auth fails', ok: 0 }
But mention, MongoHub with same credentials works fine.
From your comment you mention that you are using mViewer. Version 0.9.1 of mViewer does not support authentication. According to this issue on the mViewer GitHub, this is resolved in version 0.9.2, which was targeted for release in Oct.
Before starting the node with authentication, log on to the node and add a user. Then start the node with --auth and connect to the shell without mViewer.
At this point you can connect to the admin database and authenticate your admin user:
use admin
db.auth('root', 'root')
Since you set up an admin user, which will have access to all the databases, you need to authenticate against the admin database. Once you have done this you will have access to all the databases. You will also be able to create new users on any database, or create new read only users for all the databases.
If you create a new user that has access to only one database, that user would need to use that database and db.auth(name, pass) against it.
If you create a new user that has read only access to all databases, they would use admin and then db.auth(name, pass) to gain their read only access to all databases
You can find more information on setting up authentication here and more information about setting up users here
Note: When you start a node without --auth then no authentication is enabled. This means you can connect with the shell and db.auth('root','root') but it won't do anything as far as access is concerned. MongoDB will not deny access to the databases without --auth command line option (--keyFile in sharded setups or replica sets)
When I try to clone my mongo database from other machine, I see the following on client
db.cloneDatabase('10.10.124.110')
{ "errmsg" : "query failed staging.system.namespaces", "ok" : 0 }
and on server I see
Thu Nov 10 11:29:01 [conn10] assertion 10057 unauthorized db:staging lock type:-1 client:10.10.124.110 ns:staging.system.namespaces query:{}
How can I resolve this issue?
That error seems a lot like this one https://jira.mongodb.org/browse/SERVER-2846 where an error is thrown because copyDatabase() ... which cloneDatabase() uses ... requires Admin privileges. In that case the user is using a hosted MongoDB instance where they didn't have admin privileges.
You can see some more about how to use the copyDatabase() command here and here.
So, for example if you are using -auth a username/password you'll need to run the copyDatabase() command like this:
> db.copyDatabase(from_db, to_db, from_host, username, password);
I was able to just resolve this error by querying the PRIMARY host in a replicaSet, rather than the SECONDARY.