[DOCS-3581] Access Control Tutorials do not add enough roles to allow the next step
Created: 12/Jun/14  Updated: 11/Jan/17  Resolved: 26/Jun/14

Status: Closed
Project: Documentation
Component/s: manual
Affects Version/s: None
Fix Version/s: 01112017-cleanup

Type: Improvement
Priority: Major - P3
Reporter: Alan Spencer
Assignee: Unassigned
Resolution: Cannot Reproduce
Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   

In Security > Security Tutorials > Access Control Tutorials > Enable Client Access Control -> Enable Client Access Control -> Create the system user administrator, the user created will not be able to perform the next actions in Security > Security Tutorials > User and Role Management Tutorials > Add a User to a Database.



 Comments   
Comment by Kay Kim (Inactive) [ 26/Jun/14 ]

Hi Alan –
I followed the instructions in http://docs.mongodb.org/manual/tutorial/enable-authentication/ to create my siteUserAdmin user with the userAdminAnyDatabase role:

> use admin
switched to db admin
> db.createUser(
...   {
...     user: "siteUserAdmin",
...     pwd: "password",
...     roles:
...     [
...       {
...         role: "userAdminAnyDatabase",
...         db: "admin"
...       }
...     ]
...   }
... )
Successfully added user: {
	"user" : "siteUserAdmin",
	"roles" : [
		{
			"role" : "userAdminAnyDatabase",
			"db" : "admin"
		}
	]
}
> quit()

Then to perform the steps in http://docs.mongodb.org/manual/tutorial/add-user-to-database/, I logged in as the newly created siteUserAdmin and was able to create the user in the page:

~/Mongo $  /Users/kay/Mongo/mongodb-2.6.3/bin/mongo -u siteUserAdmin -p password --authenticationDatabase admin
MongoDB shell version: 2.6.3
connecting to: test
> use reporting
switched to db reporting
> db.createUser(
...     {
...       user: "reportsUser",
...       pwd: "12345678",
...       roles: [
...          { role: "read", db: "reporting" },
...          { role: "read", db: "products" },
...          { role: "read", db: "sales" }
...       ]
...     }
... )
Successfully added user: {
	"user" : "reportsUser",
	"roles" : [
		{
			"role" : "read",
			"db" : "reporting"
		},
		{
			"role" : "read",
			"db" : "products"
		},
		{
			"role" : "read",
			"db" : "sales"
		}
	]
}
 

It seems like in the CS ticket, the added user seems to need to do show collections and other actions, which the userAdminAnyDatabase role would not provide. However, userAdminAnyDatabase seems sufficient to do the next step to add users.

As such, will close the ticket.
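
Added example (not part of the ticket or the MongoDB manual): a simplified model of how a privilege's resource document is matched against an operation, showing why userAdminAnyDatabase permits createUser in reporting but not listing or reading collections there. The role documents are constructed and abridged, in the shape db.getRole(name, {showPrivileges: true}) returns; action names follow the current built-in roles reference and are an assumption for the 2.6 release used above, and system collections are ignored.

```javascript
// Simplified model of MongoDB privilege matching; not server code.
// Constructed, abridged role documents (assumption: current action names).
const ROLES = {
  // userAdminAnyDatabase@admin: user and role management on every database.
  "userAdminAnyDatabase@admin": [
    { resource: { db: "", collection: "" },
      actions: ["createUser", "dropUser", "grantRole", "revokeRole", "viewUser", "viewRole"] },
    { resource: { cluster: true }, actions: ["listDatabases"] },
  ],
  // read@reporting: data access on a single database.
  "read@reporting": [
    { resource: { db: "reporting", collection: "" },
      actions: ["find", "listCollections", "listIndexes", "collStats", "dbStats"] },
  ],
};

// An empty string in a resource document is a wildcard for that field.
function resourceMatches(resource, target) {
  if (resource.cluster) return target.cluster === true;
  if (target.cluster) return false;
  const dbOk = resource.db === "" || resource.db === target.db;
  const collOk = resource.collection === "" || resource.collection === target.collection;
  return dbOk && collOk;
}

// True if any privilege of any granted role covers `action` on `target`.
function isAuthorized(grantedRoles, action, target) {
  return grantedRoles.some((name) =>
    (ROLES[name] || []).some((p) =>
      p.actions.includes(action) && resourceMatches(p.resource, target)));
}

// Report which of the operations discussed in the ticket a role set permits.
function audit(grantedRoles) {
  const checks = {
    createUserInReporting: ["createUser", { db: "reporting", collection: "" }],
    showCollections: ["listCollections", { db: "reporting", collection: "" }],
    findInReporting: ["find", { db: "reporting", collection: "monthly" }], // "monthly" is a made-up collection
  };
  const out = {};
  for (const [label, [action, target]] of Object.entries(checks)) {
    out[label] = isAuthorized(grantedRoles, action, target);
  }
  return out;
}

console.log(audit(["userAdminAnyDatabase@admin"]));
console.log(audit(["userAdminAnyDatabase@admin", "read@reporting"]));
```

Because the role includes grantRole on every database, its holder can grant the missing read role, so the account should be protected like a superuser account.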
