[SERVER-12593] Can you create a role that will have permission for currentOp and killOp Created: 03/Feb/14  Updated: 10/Dec/14  Resolved: 18/Mar/14

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Question Priority: Major - P3
Reporter: Ron Natan Assignee: Andy Schwerin
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
Related
is related to DOCS-2929 Add tutorial with examples of user-de... Closed
Participants:

 Description   

I tried the following on 2.5.5 and it said unrecognized. How can I give this permission to a user without full dbAdmin so that they can cancel their long-running queries? Even better would be that they could only cacnel their own.

> db.runCommand({createRole: "killOpRole", privileges: [{resource:

{cluster: true}

, actions: ["killOp", "currentOp"]}]})
{
"ok" : 0,
"errmsg" : "Unrecognized action privilege string: killOp",
"code" : 9
}



 Comments   
Comment by Stennie Steneker (Inactive) [ 18/Mar/14 ]

Hi Ron,

Please be advised I'm now closing this issue. The user-defined roles work as expected per the example that Andy has provided.

I would also note that the SERVER project is only intended for bug or feature requests.

If you have any further questions regarding new features in MongoDB 2.6 or using MongoDB, an appropriate community support forum is the mongodb-user discussion group.

Thanks,
Stephen

Comment by Spencer Brody (Inactive) [ 04/Feb/14 ]

Also, you will need to use "inprog" instead of "currentOp".

Comment by Andy Schwerin [ 03/Feb/14 ]

I believe that it's killop, not killOp. Also, I believe that killCursors is an operation targeting a database, not the cluster.

Try the following:

> db.createRole({
    role: "killOpRole", 
    privileges: [
        { resource: { cluster: true }, actions: [ "killop" ] },
        { resource: { db: "", collection: "" }, actions: [ "killCursors" ] }
    ],
    roles: []
})

Can you let us know what documentation you used, so we can check its accuracy and clarity?

Generated at Thu Feb 08 03:28:58 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.