[DOCS-13030] clusterMonitor role user is not able to fetch collections from db Created: 16/Sep/19 Updated: 30/Oct/23 |
|
| Status: | Closed |
| Project: | Documentation |
| Component/s: | Server |
| Affects Version/s: | 3.6.6 |
| Fix Version/s: | Server_Docs_20231030 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | rahul mahor | Assignee: | Unassigned |
| Resolution: | Won't Do | Votes: | 0 |
| Labels: | docs-investigating | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
MongoDB 3.6.3 . |
||
| Participants: | |
| Days since reply: | 1 year, 14 weeks, 2 days ago |
| Epic Link: | DOCSP-1769 |
| Description |
| Comments |
| Comment by Education Bot [ 31/Oct/22 ] |
|
Hello! This ticket has been closed due to inactivity. If you believe this ticket is still important, please reopen it and leave a comment to explain why. Thank you! |
| Comment by rahul mahor [ 18/Sep/19 ] |
|
Hi , thanks for your response.
Command run on 3.6.3 show collections 2019-09-18T12:27:13.630+0530 E QUERY [thread1] Error: listCollections failed: { "ok" : 0, "errmsg" : "not authorized on test to execute command { listCollections: 1.0, filter: {}, lsid: { id: UUID(\"107efc5d-3d56-4944-b284-e3c678f40893\") }, $db: \"test\" }", "code" : 13, "codeName" : "Unauthorized"} :_getErrorWithCode@src/mongo/shell/utils.js:25:13DB.prototype._getCollectionInfosCommand@src/mongo/shell/db.js:941:1DB.prototype.getCollectionInfos@src/mongo/shell/db.js:953:19DB.prototype.getCollectionNames@src/mongo/shell/db.js:964:16shellHelper.show@src/mongo/shell/utils.js:853:9shellHelper@src/mongo/shell/utils.js:750:15@(shellhelp2):1:1
User : {{ "_id" : "test.user_cluster", "user" : "user_cluster", "db" : "test", "roles" : [ { "role" : "clusterMonitor", "db" : "admin" }]}
With same user , same command run on 4.2 : there is no problem and all collections , I am able to fetch.
|
| Comment by Ravind Kumar (Inactive) [ 16/Sep/19 ] |
|
rmahor06@gmail.com copying in your feedback from another ticket:
I think the behavior you are seeing is likely due to changes introduced in MongoDB 4.0 that allow listCollections to work if specified with certain options. The release notes also reference this, though its not really straightforward to parse. Can you verify the exact command you are specifying in 4.0/3.6, as well as whether the user you are authenticating as has any additional roles or privileges attached to it? If this is a case of the 4.0 behavior not being clear, I think we can make some tweaks to better call out the new behavior. If there's something else going on, however, I would strongly recommend starting with our Community Support Forum. Potential documentation updates would depend on the outcome of discussions on that forum. As a general note, the clusterMonitor role states that it provides read-only access to monitoring tools. That does not necessarily mean read-access to all databases, collections, and documents. Looking at the privilege list, it specifically lists databases, and can list collections for certain system or local collections. If you need explicit all-database access, please use one of the built-in all-database roles |