
There's another answer here: Can't connect to MongoDB with authentication enabled. I tried that but still can't figure out what's wrong with my configuration.

I use Ubuntu 14.04 and Mongo 3.4.1 (latest), installed as a service.

First, after installation, I ran this command, just like in its documentation here:

mongo --port 27017
use admin
db.createUser({user: "adminUser",pwd: "abc123",roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]})

It returns Successfully added user. Then I reconfigured /etc/mongod.conf:

storage:
   dbPath: /var/lib/mongodb
   journal:
     enabled: true

systemLog:
  destination: file
  logAppend: true
  path: /var/log/mongodb/mongod.log

net:
  port: 27017
  bindIp: 127.0.0.1

security:
  authorization: enabled

I saved it and restarted the mongod server: sudo service mongod restart

Then I tried to connect with: mongo -u "adminUser" -p "abc123" --authenticationDatabase "admin"

which is successful. Then, if I change to another database with the command use testDatabase, I can't perform any operation on it.

use testDatabase
db.createCollection("people")

results:

{
    "ok" : 0,
    "errmsg" : "not authorized on testDatabase to execute command { create: \"people\" }",
    "code" : 13,
    "codeName" : "Unauthorized"
}

Here are the registered users in my database:

use admin
db.system.users.find()
{ "_id" : "admin.adminUser", 
  "user" : "adminUser", 
  "db" : "admin", 
  "credentials" : { "SCRAM-SHA-1" : {....} }, 
  "roles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" } ]
}

It seems that the userAdminAnyDatabase role doesn't work anymore, or is there anything wrong with my setup?

1 Answer

The built-in roles userAdmin and userAdminAnyDatabase allow you to create users and roles in a database.

For read/readWrite operations on a database, you have to create a user with the read/readWrite role for that database.

Another option is to add the role to the current user you have.

Something like this for example.

use test
db.createUser(
  {
    user: "myTester",
    pwd: "xyz123",
    roles: [ { role: "readWrite", db: "test" },
             { role: "read", db: "reporting" } ]
  }
)
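
The second option in the answer, adding the role to the existing user, written out as an added example that is not part of the original answer. It assumes the legacy mongo shell and reuses the adminUser and testDatabase names from the question; grantDataRoles is a hypothetical helper name.

```javascript
// Added example for the legacy `mongo` shell; not code from the original posts.
// Assumption: you are connected as adminUser (userAdminAnyDatabase), which
// holds the grantRole action and can therefore extend its own role list.

// Grant `role` on each database in `dbNames` to `userName`, then read the
// user document back and return the roles now stored, as "role@db" strings.
function grantDataRoles(adminDb, userName, role, dbNames) {
  var wanted = dbNames.map(function (name) {
    return { role: role, db: name };
  });
  adminDb.grantRolesToUser(userName, wanted);

  var userDoc = adminDb.getUser(userName);
  if (userDoc === null) {
    throw new Error("user not found in " + adminDb.getName() + ": " + userName);
  }
  var effective = userDoc.roles.map(function (r) {
    return r.role + "@" + r.db;
  });
  // Fail loudly if any requested grant is missing from the stored user.
  wanted.forEach(function (w) {
    if (effective.indexOf(w.role + "@" + w.db) === -1) {
      throw new Error("grant missing: " + w.role + "@" + w.db);
    }
  });
  return effective;
}

// Runs only inside the mongo shell, where the global `db` exists.
if (typeof db !== "undefined") {
  var shellAdminDb = db.getSiblingDB("admin");
  printjson(grantDataRoles(shellAdminDb, "adminUser", "readWrite", ["testDatabase"]));
}
```

Because userAdminAnyDatabase can grant any role to any user, itself included, that account is effectively a superuser. A separate application user holding only readWrite on its own database keeps day-to-day privileges narrower.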

2 Comments

It works, but does it mean that I need to create a different user for each different database?
