MongoDB: Couldn't add user - not authorized (CloudFoundry)

Question

I have a MongoDB (Service Plan: small) and I would like to create an additional user but it seems I dont have the necessary privileges to do so.

db.createUser({ user: "whateverusername" , pwd: "whateverpassword", roles: ["userAdminAnyDatabase", "dbAdminAnyDatabase", "readWriteAnyDatabase"]})

Failed to execute script.

Error: couldn't add user: not authorized on XXXXXXX to execute command { createUser: "whateverusername", pwd: "xxx", roles: [ "userAdminAnyDatabase", "dbAdminAnyDatabase", "readWriteAnyDatabase" ], digestPassword: false, writeConcern: { w: "majority", wtimeout: 600000.0 } } : _getErrorWithCode@src/mongo/shell/utils.js:25:13 DB.prototype.createUser@src/mongo/shell/db.js:1290:15 @(shell):1:1

and I cant list the users:

db.system.users.find();

Error: error: { "ok" : 0, "errmsg" : "not authorized on XXXXXXX to execute command { find: \"system.users\", filter: {} }", "code" : 13, "codeName" : "Unauthorized" }

Is this restriction intended? Is there a way to get the readWriteAnyDatabase role? Am I doing something wrong?

I really appreciate any help you can provide!

Answer 1

You need to add users through CloudFoundry. Either bind the service to an app, which will create a user to be used by that app, or create a service key which is meant for all other purposes (mostly for the cases where a human needs to interact with the database).

Here's the docs on how to bind a service to an app: https://docs.developer.swisscom.com/devguide/services/application-binding.html

A tutorial for it: https://docs.developer.swisscom.com/tutorial-go/bind-service.html

And here's how to create service keys: https://docs.developer.swisscom.com/devguide/services/service-keys.html