MongoDB - not authorized in shared cluster despite of atlasAdmin role

Question

I have a problem with a shared mongodb cluster: I try to get data via the nodejs implementation of mongodb. A few days ago, it worked just fine. But now, every getmore command I send to the cluster is very, very slow. So I thought: Maybe I just have to turn it off and on again.

So I tried to connect to the cluster with the mongo shell. Everything works fine, my user has the atlasAdmin role (with can be seen via db.getUser("admin")), but when I try to execute commands like db.shutdownServer() or show users, the server tells me that I'm not authorized. Even the command "db.auth("admin", ...pw...)" returns 1.

After some research, I found out I have to shutdown the server to have a chance to fix this problem. But without permission, how should I do it? Is there any other possibility to perform this, like a button on the atlas webapp or something?

Answer 1

Atlas is a hosted service, so the privileges are different vs. a bare metal MongoDB server. From MongoDB Database User Privileges This is the list of privileges of atlasAdmin:

• readWriteAnyDatabase
• readAnyDatabase
• dbAdminAnyDatabase
• clusterMonitor
• cleanupOrphaned
• enableSharding
• flushRouterConfig
• moveChunk
• splitChunk
• viewUser

shutdown privilege is part of the hostManager role, which is not included in the list above.

Depending on your type of Atlas deployment, here are the list of restricted commands/privileges:

• Unsupported Commands in M0/M2/M5 Clusters
• Unsupported Commands in M10+ Clusters

If you need to "turn on and off" your deployment, you might be able to use the Test Failover button if your type of deployment supports it. That button will step down the primary node and elect a new primary, which for most cases is almost equivalent to "turn off and on again".