wisnia

Reputation: 85

MongoDB custom user roles - "user is not allowed(...)"

I created a free tier cluster on MongoDB Atlas (it has 3 shards) and I want my Node.js app to connect with a database I created there, using a specific user, that will be restricted from using any other database than the one intended for this app.

So step by step.

I create a database called, let's say, test.

I create a role here - I go to Security -> MongoDB Roles -> Add New Custom Role and I give it all Collection actions and all Database actions and roles to test

Time for a user, so again Security -> MongoDB Users -> Add New User and I assign a previously created role to it so it has access only to test database. So now I have 2 users - atlasAdmin and my created user.

That's where the problem occurs, when I use admin user in my app to connect, .find() or .create() it works fine all the time. With a user with custom role, it works for like 10mins/1 connection (until I shut down the local server I have my node app on) and the next time I get an error that "user is not allowed to perform action (...)".

I tried everything, tinkering with a string I use to connect, updating mongoose (I use it in my app), creating user and custom role using mongodb shell but nothing seems to work.

HOWEVER:

Has anyone had a similar problem? I was also thinking that it might be because of how many times I try to connect with mongo from the app (I use nodemon, so every time I save a file with changes, the server restarts, thus connecting to the database again), but I think that's not the case - if it was, why would I be able to make it work with the admin user?

The string I use to connect with mongo:

// DATABASE SETUP
var mongoose = require('mongoose');

// [cluster0:port], [login] and [pass] are placeholders for the real values
var dbURL = 'mongodb://[cluster0:port],[cluster1:port],[cluster2:port]/test?ssl=true&replicaSet=Cluster0-shard-0&authSource=admin&retryWrites=true';
var options = {
    useNewUrlParser: true,
    dbName: "test",
    user: [login],
    pass: [pass]
};
mongoose.connect(dbURL, options);

Upvotes: 1

Views: 4789

Answers (1)

meow

Reputation: 96

I have also encountered this problem on Atlas Free tier, not just on NodeJS but Java as well

For now, you can try mitigating this problem by using a default role instead of having a custom one

On the MongoDB Users tab, click "Edit" on your user => Add Default Privileges

Then select "readWrite" and type your database name on the first field, then save the user

Or, if you want database administration, add another field with "dbAdmin" role

At least that's how I solved it. I hope this helps.

Side note: You can also use the shorter connection string (MongoDB+SRV) and it would still work.

Upvotes: 8
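
An added example, not part of the original question or answer: whichever role the application user ends up with, MongoDB's `connectionStatus` command with `showPrivileges: true` reports what the current session is actually granted, and the check below flags anything that reaches beyond the one intended database. The helper `auditScope`, the user name `appUser` and both sample replies are constructed for illustration.

```javascript
// Constructed samples shaped like the reply to
//   db.runCommand({ connectionStatus: 1, showPrivileges: true })
// (trimmed; "appUser" is a hypothetical user name).
const scopedStatus = {
  authInfo: {
    authenticatedUsers: [{ user: 'appUser', db: 'admin' }],
    authenticatedUserRoles: [{ role: 'readWrite', db: 'test' }],
    authenticatedUserPrivileges: [
      { resource: { db: 'test', collection: '' }, actions: ['find', 'insert', 'update', 'remove'] },
      { resource: { db: 'test', collection: 'system.js' }, actions: ['find', 'insert'] },
    ],
  },
  ok: 1,
};
const adminStatus = {
  authInfo: {
    authenticatedUsers: [{ user: 'appUser', db: 'admin' }],
    authenticatedUserRoles: [{ role: 'atlasAdmin', db: 'admin' }],
    authenticatedUserPrivileges: [
      { resource: { db: '', collection: '' }, actions: ['find', 'insert', 'dropDatabase'] },
      { resource: { cluster: true }, actions: ['listDatabases'] },
    ],
  },
  ok: 1,
};

// Hypothetical helper: list every grant that reaches outside allowedDb.
// An empty result means the session is confined to that one database.
function auditScope(status, allowedDb) {
  const info = (status && status.authInfo) || {};
  const findings = [];
  for (const r of info.authenticatedUserRoles || []) {
    if (r.db !== allowedDb) findings.push(`role ${r.role}@${r.db}`);
  }
  for (const p of info.authenticatedUserPrivileges || []) {
    const res = p.resource || {};
    const actions = (p.actions || []).join(',');
    if (res.cluster || res.anyResource) {
      findings.push(`cluster-wide: ${actions}`);
    } else if (res.db === '') {
      findings.push(`all databases: ${actions}`); // db "" matches any database
    } else if (res.db !== allowedDb) {
      findings.push(`db ${res.db}: ${actions}`);
    }
  }
  return findings;
}

console.log(auditScope(scopedStatus, 'test'));
console.log(auditScope(adminStatus, 'test'));
```

Running the same check at application start-up against the live reply makes an over-privileged connection string (for example one still using the admin user) visible immediately.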