Not authorized for query on admin.system.namespaces on mongodb

Question

I start a new mongo instance, create a user, authorize it, but when I run "show collections", the system says that the id is not authorized. I do not know why?

# mongo admin
MongoDB shell version: 2.4.3
connecting to: admin
Server has startup warnings:
Thu May 23 18:23:56.735 [initandlisten]
Thu May 23 18:23:56.735 [initandlisten] ** NOTE: This is a 32 bit MongoDB binary.
Thu May 23 18:23:56.735 [initandlisten] **       32 bit builds are limited to less than 2GB of data (or less with --journal).
Thu May 23 18:23:56.735 [initandlisten] **       See http://dochub.mongodb.org/core/32bit
Thu May 23 18:23:56.735 [initandlisten]
> db = db.getSiblingDB("admin")
admin
> db.addUser({user:"sa",pwd:"sa",roles:["userAdminAnyDatabase"]})
{
        "user" : "sa",
        "pwd" : "75692b1d11c072c6c79332e248c4f699",
        "roles" : [
                "userAdminAnyDatabase"
        ],
        "_id" : ObjectId("519deedff788eb914bc429b5")
}
> show collections\
Thu May 23 18:26:50.103 JavaScript execution failed: SyntaxError: Unexpected token ILLEGAL
> show collections
Thu May 23 18:26:52.418 JavaScript execution failed: error: {
        "$err" : "not authorized for query on admin.system.namespaces",
        "code" : 16550
} at src/mongo/shell/query.js:L128
> db.auth("sa","sa")
1
> show collections
Thu May 23 18:27:22.307 JavaScript execution failed: error: {
        "$err" : "not authorized for query on admin.system.namespaces",
        "code" : 16550
} at src/mongo/shell/query.js:L128

Answer 1

I solved it like so for mongoDB 2.6 + currently 3

db.createUser(
  {
    user: "username",
    pwd: "password",
    roles: [ { role: "root", db: "admin" } ]
  }
)

note that for the role filed instead of userAdminAnyDatabase we use root

Answer 2

As Robert says, admin users has only rights to admin, not to write in databases. So you have to create a custom user for your database. There's different ways. I have choose the dbOwner way.

(I use Ubuntu Server, mongo 2.6.3 and Robomongo)

So to do this, fisrt create your admin user like mongo says :

type mongo in your linux shell

and these command in the mongo shell :

use admin
db.createUser({user:"mongoadmin",pwd:"chooseyouradminpassword",roles:[{role:"userAdminAnyDatabase",db:"admin"}]})
db.auth("mongoadmin","chooseyouradminpassword")
exit

edit the mongo conf file with :

nano /etc/mongod.conf

You can use vi if nano is not installed.

activate authentication by uncommented/adding these line auth=true

if you want to use Robomongo from other machine change the line bind_ip=127.0.0.1 by bind_ip=0.0.0.0 (maybe you should add more protection in production).

type in linux shell :

service mongod restart
mongo

And in mongo shell :

use admin
db.auth("mongoadmin","pwd:"chooseyouradminpassword")
use doomnewdatabase
db.createUser({user:"doom",pwd:"chooseyourdoompassword",customData:{desc:"Just me as I am"},roles : [{role:"dbOwner",db:"doomnewdatabase"}]})
db.auth("doom","chooseyourdoompassword")
show collections

(customData is not required).

If you want to try if it works, type this in the mongo shell :

db.products.insert( { item: "card", qty: 15 } )
show collections
db.products.find()

Good luck ! Hope it will help you and others !

I have search this informations for hours.

Answer 3

For MongoDB version 2.6 use:

db.createUser(
{
   user: "testUser"
   pwd: "password",
   roles: [{role: "readWrite", db:"yourdatabase"}]
})

See the docs

Answer 4

I had the same problem and this is how I solved it:

db = db.getSiblingDB('admin')
db.addUser( 
    { user: "mongoadmin", 
      pwd: "adminpass", 
      roles: ['clusterAdmin', 'userAdminAnyDatabase', 'readAnyDatabase'] } )

Answer 5

I had the same problem, but I found this tutorial and it helped me.

http://www.hacksparrow.com/mongodb-add-users-and-authenticate.html

use:

db.addUser('sa', 'sa')

instead of

db.addUser({user:"sa",pwd:"sa",roles:["userAdminAnyDatabase"]})
{
        "user" : "sa",
        "pwd" : "75692b1d11c072c6c79332e248c4f699",
        "roles" : [
                "userAdminAnyDatabase"
        ],
        "_id" : ObjectId("519deedff788eb914bc429b5")
}

Answer 6

I would try granting the read role to the user. userAdminAnyDatabase grants the ability to administer users.