no-stale-reads

Reputation: 358

"not authorized on admin to execute command" even using root role

I'm trying to execute the following 'query' on the primary node of my mongodb cluster:

> db.system.sessions.count()

The cluster gives me an error as follows:

"not authorized on admin to execute command", "unauthorized"

The docs said that the role 'root' implicitly has the 'clusterAdmin' role, which I suppose is enough to query the sessions count.

This is the user/roles I'm logged in with:

{
    "user" : "admshard",
    "db" : "admin",
    "roles" : [
        {
            "role" : "root",
            "db" : "admin"
        },
        {
            "role" : "clusterManager",
            "db" : "admin"
        },
        {
            "role" : "userAdminAnyDatabase",
            "db" : "admin"
        },
        {
            "role" : "dbOwner",
            "db" : "admin"
        }
    ]
}

My mongodb version is 4.2.3. I'm working with 2 databases and 2 arbiters.

Any clue about this?

Thanks!!

Upvotes: 2

Views: 1206

Answers (1)

Joe

Reputation: 28336

The root role provides the privileges granted by the roles:

  • readWriteAnyDatabase
  • dbAdminAnyDatabase
  • userAdminAnyDatabase
  • clusterAdmin
  • restore
  • backup

clusterManager grants the find privilege on all non-system collections in the config database.

readWriteAnyDatabase grants the same privileges as readWrite on all databases except local and config, and also provides the listDatabases action on the cluster as a whole.

You may need to create a custom role, and use grantPrivilegesToRole to give it the find action on the config.system.sessions collection.

Upvotes: 2
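
An added example (not part of the answer above, and not MongoDB's own code): a simplified JavaScript model of how a privilege's resource document is matched against a namespace, covering only the grants quoted in the answer, to show why they miss config.system.sessions and what the suggested custom role adds. The role name sessionsReader and the reduced role objects are assumptions constructed for illustration.

```javascript
// Simplified model of how MongoDB matches a privilege's resource document
// against a namespace. Only the grants quoted in the answer are modelled;
// real built-in roles carry many more privileges.
const isSystem = (coll) => coll.startsWith("system.");

function resourceMatches(res, db, coll) {
  if (res.db === "" && res.collection === "") {
    // All non-system collections in every database except local and config.
    return !isSystem(coll) && db !== "local" && db !== "config";
  }
  if (res.collection === "") {
    // All non-system collections in one database.
    return res.db === db && !isSystem(coll);
  }
  if (res.db === "") return res.collection === coll; // named collection, any db
  return res.db === db && res.collection === coll;   // exact namespace
}

function isAllowed(roles, action, db, coll) {
  return roles.some((role) =>
    role.privileges.some((p) =>
      p.actions.includes(action) && resourceMatches(p.resource, db, coll)));
}

// Constructed role documents, reduced to the grants the answer describes.
const clusterManager = {
  role: "clusterManager",
  privileges: [{ resource: { db: "config", collection: "" }, actions: ["find"] }],
  roles: [],
};
const readWriteAnyDatabase = {
  role: "readWriteAnyDatabase",
  privileges: [{ resource: { db: "", collection: "" }, actions: ["find"] }],
  roles: [],
};
// Hypothetical custom role; this object has the shape db.createRole() accepts.
const sessionsReader = {
  role: "sessionsReader",
  privileges: [
    { resource: { db: "config", collection: "system.sessions" }, actions: ["find"] },
  ],
  roles: [],
};

const builtIn = [clusterManager, readWriteAnyDatabase];
console.log(isAllowed(builtIn, "find", "config", "system.sessions"));
console.log(isAllowed([...builtIn, sessionsReader], "find", "config", "system.sessions"));
```

The custom role grants a single action on a single namespace, so the user gains the sessions read without any broader access to system collections in config.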
