I am trying to get authorization working on a mongo database on a new Ubuntu machine. I have created an admin user with the role userAdminAnyDatabase:

admin> show users
[
  {
    _id: 'admin.mongoAdmin',
    userId: UUID("590a4465-625a-4fa0-af2e-0f2c75777ac5"),
    user: 'mongoAdmin',
    db: 'admin',
    roles: [ { role: 'userAdminAnyDatabase', db: 'admin' } ],
    mechanisms: [ 'SCRAM-SHA-1', 'SCRAM-SHA-256' ]
  }
]

but I get authorization errors when I try to do anything:

admin> use test
switched to db test
test> db.users.find({})
MongoServerError: not authorized on test to execute command { find: "users", filter: {}, lsid: { id: UUID("f3cf2fbc-bbea-4ceb-83a1-b842b5047e74") }, $db: "test" }

I know I am using the correct id/password, as when I try to run the mongo shell with a different password it fails to start with a password error.

Ubuntu version is 20.04.4 (Focal); Mongo version is 5.0.8:

% mongod --version
db version v5.0.8
Build Info: {
    "version": "5.0.8",
    "gitVersion": "c87e1c23421bf79614baf500fda6622bd90f674e",
    "openSSLVersion": "OpenSSL 1.1.1f  31 Mar 2020",
    "modules": [],
    "allocator": "tcmalloc",
    "environment": {
        "distmod": "ubuntu2004",
        "distarch": "x86_64",
        "target_arch": "x86_64"
    }
}

CodePudding user response：

RoleuserAdminAnyDatabase or userAdmin grant privileges to user administration, i.e. you can run commands like db.createUser(), db.grantRolesToUser() or db.updateUser()

They do not grant to read or write non-system collections of your database.

I guess you need to grant dbAdminAnyDatabase, readWriteAnyDatabase or simply root