db.getSiblingDB("$external").runCommand( { grantRolesToUser: "FULL DN", roles: [{ role: 'readWrite', db: 'dbname' }, {role: 'userAdminAnyDatabase', db: 'admin'}], writeConcern: { w: "majority" , wtimeout: 5000 } } ) { "ok" : 1 } { "_id" : "$external.FULL DN", "user" : "FULL DN", "db" : "$external", "roles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" }, { "role" : "readWrite", "db" : "dbname" }, { "role" : "administrator", "db" : "admin" } ] } # mongoexport --ssl --sslCAFile=/usr/local/share/certs/ca.pem --sslPEMKeyFile=/usr/local/share/certs/private_public.pem --authenticationMechanism=MONGODB-X509 --host hostname:27017 -d dbname -c colName --authenticationDatabase admin Enter PEM pass phrase: 2017-11-16T11:27:29.957+0000 Failed: not authorized on dbname to execute command { count: "colName", query: {} }