Reputation: 792
We have a cluster in AWS, with a Document DB up and running. I wanted to grant some extra privileges, so I connected to the database as a user with the root role granted, and did the usual MongoDB thing:
db.grantRolesToUser("nameOfTheUser", ["readWrite"])
Instead of just granting the privileges, it gave me:
2020-05-04T15:26:42.053+0000 E QUERY [js] uncaught exception: Error: Cannot update system managed users' roles :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
DB.prototype.grantRolesToUser@src/mongo/shell/db.js:1592:15
@(shell):1:1
This is the first time I've heard about any system managed users. I searched both the MongoDB and AWS DocumentDB docs, but didn't find it anywhere. What are they? How does a user end up being system managed? And how can I change their privileges?
Upvotes: 1
Views: 979
Reputation: 5101
The serviceadmin user is created implicitly when the cluster is created. Every Amazon DocumentDB cluster has a serviceadmin user that provides AWS the ability to manage your cluster. You cannot log in as, drop, rename, change the password, or change the permissions for serviceadmin. Any attempt to do so results in an error.
Please see the following for more information: https://docs.aws.amazon.com/documentdb/latest/developerguide/security.managing-users.html
Upvotes: 1