Can't execute `db.find` command with query args

Question

Can't execute `db.find` command with query args

tvytlx opened this issue 7 years ago · comments

Can't execute db.find command with query args, but the native mongo-cli didn't have this issue. Is this a bug?

mydb:PRIMARY> db.mycollection.find({'key': 'val'})
Error: profile command failed: {
  "ok": 0,
  "errmsg": "not authorized on MYDATABASE to execute command { profile: -1.0 }",
  "code": 13,
  "codeName": "Unauthorized"
}

# this user's role
db.getRoles({'showPrivileges':1})
[
  {
    "role": "CrawlerRole",
    "db": "admin",
    "isBuiltin": false,
    "roles": [ ],
    "inheritedRoles": [ ],
    "privileges": [
      {
        "resource": {
          "db": "",
          "collection": ""
        },
        "actions": [
          "find",
          "insert",
          "listIndexes",
          "update"
        ]
      }
    ],
    "inheritedPrivileges": [
      {
        "resource": {
          "db": "",
          "collection": ""
        },
        "actions": [
          "find",
          "insert",
          "listIndexes",
          "update"
        ]
      }
    ]
  }
]

# my mongo version
MongoDB shell version v3.4.0
MongoDB server version: 3.4.0
Mongo-Hacker 0.0.14

Tyler Brock · Answer 1 · Thu Aug 10 2017 12:14:27 GMT+0800 (China Standard Time)

Thanks for writing in @tvytlx. That might happen because mongo-hacker runs an implicit explain (which requires some extra permissions):

Can you try granting "enableProfiler" on your user or disabling "index_paranoia" in mongo-hacker's config?

Xiao Tan · Answer 2 · Thu Aug 10 2017 22:55:36 GMT+0800 (China Standard Time)

I'm not db admin; index_paranoia's default value is false .. 😢

Tyler Brock · Answer 3 · Sun Aug 27 2017 08:17:27 GMT+0800 (China Standard Time)

Just wanted to make sure you saw that there were some changes to roles in 3.4:

https://docs.mongodb.com/manual/release-notes/3.4-compatibility/#user-roles-changes