Reputation: 3262
MongoDB : applyOps: not authorized on admin to execute command
A Very Good Day,
I have the user in the mongodb like below who has the superuser privileges (I confirmed the role setting using show users command)
{
"_id" : "admin.mongoadmin",
"user" : "mongoadmin",
"db" : "admin",
"roles" : [
{
"role" : "readWrite",
"db" : "admin"
},
{
"role" : "root",
"db" : "admin"
}
],
"mechanisms" : [
"SCRAM-SHA-1",
"SCRAM-SHA-256"
]
}
when I try to restore the oplog using the mongorestore, I get the error :
Failed: restore error: error applying oplog: applyOps: not authorized on admin to execute command { applyOps: [ { ts: Timestamp(1552828309, 1), h: 4632811839329880092, v: 2, op: "c", ns: "admin.$cmd", o: { create: "system.keys", idIndex: { v: 2, key: { _id: 1 }, name: "id", ns: "admin.system.keys" } }, o2: {} } ], $db: "admin" }
mongorestore -u admin -p password --authenticationDatabase=admin --oplogFile 0000000000_0_oplog.bson --oplogReplay --oplogLimit=1552828432 --dir='/oplog/temp'
2019-03-17T13:47:36.945+0000 preparing collections to restore from
2019-03-17T13:47:36.945+0000 replaying oplog
2019-03-17T13:47:36.962+0000 Failed: restore error: error applying oplog: applyOps: not authorized on admin to execute command { applyOps: [ { ts: Timestamp(1552828309, 1), h: 4632811839329880092, v: 2, op: "c", ns: "admin.$cmd", o: { create: "system.keys", idIndex: { v: 2, key: { _id: 1 }, name: "_id_", ns: "admin.system.keys" } }, o2: {} } ], $db: "admin" }
NOTE : I specified the oploglimit (--oplogLimit=1552828432) with the last value I got from the bsondump Is this correct? Or Am I missing anything?
(i.e)
{"ts":{"$timestamp":{"t":1552828432,"i":79}},"t":{"$numberLong":"1"},"h":{"$numberLong":"-2072015676601300967"},"v":2,"op":"i","ns":"inventory.hari","ui":{"$binary":"avdlGH8AS1eBPXRytlO1Yg==","$type":"04"},"wall":{"$date":"2019-03-17T13:13:52.139Z"},"o":{"_id":"79","name":"Hari","role":"Developer","isEmployee":true}}
{"ts":{"$timestamp":{"t":1552828432,"i":80}},"t":{"$numberLong":"1"},"h":{"$numberLong":"-6279494628130059002"},"v":2,"op":"u","ns":"inventory.hari","ui":{"$binary":"avdlGH8AS1eBPXRytlO1Yg==","$type":"04"},"o2":{"_id":"79"},"wall":{"$date":"2019-03-17T13:13:52.139Z"},"o":{"_id":"79","name":"WD_Userjava.util.Random@9a7504c","role":"Developer","isEmployee":true}}
Anyhelp is appreciated. Thanks in advance.
Upvotes: 3
Views: 3133
Answers (1)
Reputation: 41
use admin
db.createRole(
{
role: "interalUseOnlyOplogRestore",
privileges: [
{ resource: { anyResource: true }, actions: [ "anyAction" ] }
],
roles: []
}
)
db.createUser({
user: "root",
pwd: "password",
roles: [
{role: "root", db: "admin"},"__system","interalUseOnlyOplogRestore","backup"
]
})
Better though to reduce the privileges to something like below.
db.createUser({
user: "root2",
pwd: "password",
roles: [
"interalUseOnlyOplogRestore"
]
})
After this you can run the restore command
mongorestore --port 27017 --oplogReplay oplogRestore --authenticationDatabase admin -u root2 -p password
Upvotes: 4
Related Questions
- MongoDB - admin user not authorized
- MongoDB: All commands spit out "not authorized on admin to execute command"
- "not authorized on admin to execute command" even using root role
- Not authorized for command: addShard on database admin
- MongoDB: Not authorized on database to execute command eval
- how to solve the error reading database : not authorized in mongo DB
- MongoDB: Not authorized on admin to execute command
- Mongodb not authorized on admin to execute listDatabases command
- mongodb 3.2 :Error not authorized on admin to execute command on new installation
- mongoDB : Authentication of user is working fine, but getting "Unauthorized not authorized on admin to execute command" in the logs