-
Type:
Bug
-
Resolution: Incomplete
-
Priority:
Major - P3
-
None
-
Affects Version/s: None
-
Component/s: None
-
None
I use mongodb 4.4, and I am trying to give RO users privilleges to export result to csv.
I have done custom role and granted it to user:
db.createRole(
{
role: "supp_export",
privileges: [
{ resource: { db: "", collection: "export" }, actions: [ "createCollection", "createIndex", "dropCollection" ]},
{ resource: { db: "", collection: "export2" }, actions: [ "createCollection", "createIndex", "dropCollection" ]}
],
roles: []
}
)
db.createUser({
user: "ro_test",
pwd: "ro_test",
roles: [ { role: "readAnyDatabase", db: "admin" }]
});
db.grantRolesToUser(
"ro_test",
[ { role: "supp_export", db: "admin" } ]
);
I authorized as ro_test and tried to create "export" collection, it was success operation, but in aggregation pipeline I got an error on "out" step:
not authorized on test to execute command { aggregate: "movies", pipeline: [ { $out: "export" } ], allowDiskUse: true, cursor: {}, maxTimeMS: 60000, lsid: { id: UUID("b0a59b57-b8b6-43a8-a37f-497a83c6ed46") }, $clusterTime: { clusterTime: Timestamp(1698241761, 2), signature: { hash: BinData(0, DB8554C97E979B3CDD7135650156BE51478028F7), keyId: 7241112465017143305 } }, $db: "test" }
As I unserstand, "out" creates new collection.