
Permissions Help - LDAP grant create database

mdiorio (Contributor)
I'm really new to MongoDB coming from MSSQL and I'm totally confused right now.
I have LDAP configured and working. A user can log into Mongo and, with the role I have, can at least view the databases and collections.

admin.createRole({role: "CN=MongoAdmins,OU=Applications,OU=SecurityGroups,DC=internal,DC=domain,DC=com",privileges:[],roles: ["dbAdminAnyDatabase" ]})

I thought dbAdminAnyDatabase would grant enough permissions to allow your developers to create databases and collections and generally administer things. But they aren't allowed to really do a thing but log in and view.

How do I properly grant the permissions I really want? This group of users should be able to create databases and fully administer everything but users really.

Thanks!

Answers

  • Igor Solodovnikov (Percona Staff)
    Hello @mdiorio
    The dbAdminAnyDatabase role includes permission to create collections, as documented at https://docs.mongodb.com/manual/reference/built-in-roles/
    You can also check other necessary permissions/roles there.
    If you cannot create collections, then you need to check whether the expected roles were correctly granted to the logged-in user. To do this, you need to execute this command:
    db.runCommand({connectionStatus : 1})
    Then check the 'authenticatedUserRoles' array in the output.
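
The check suggested in the answer above, as an added example that is not part of the original thread or of Percona's code: it classifies a connectionStatus reply by whether the LDAP group role from the question was granted and whether the effective privileges include a given action. The user name, the database name "appdb" and both sample replies are constructed; the optional showPrivileges: true argument is assumed so that the reply also carries authenticatedUserPrivileges.

```javascript
// Added example. GROUP_DN is the role name from the question; both replies are
// constructed samples shaped like the output of
//   db.runCommand({connectionStatus: 1, showPrivileges: true})
const GROUP_DN =
  "CN=MongoAdmins,OU=Applications,OU=SecurityGroups,DC=internal,DC=domain,DC=com";

const mappedReply = {            // constructed: group role was granted
  authInfo: {
    authenticatedUsers: [{ user: "jdoe", db: "$external" }],
    authenticatedUserRoles: [{ role: GROUP_DN, db: "admin" }],
    authenticatedUserPrivileges: [{
      resource: { db: "", collection: "" },
      actions: ["collStats", "createCollection", "createIndex", "listCollections"],
    }],
  },
  ok: 1,
};

const unmappedReply = {          // constructed: login works, no roles granted
  authInfo: {
    authenticatedUsers: [{ user: "jdoe", db: "$external" }],
    authenticatedUserRoles: [],
    authenticatedUserPrivileges: [],
  },
  ok: 1,
};

// Simplified resource match: {anyResource: true} or a database-wide resource.
// It does not model per-collection or system-collection resources.
function coversDb(resource, dbName) {
  if (resource.anyResource === true) return true;
  return resource.collection === "" &&
    (resource.db === "" || resource.db === dbName);
}

// Classify why `action` on `dbName` would or would not be permitted.
function diagnose(reply, roleName, dbName, action) {
  const info = (reply && reply.authInfo) || {};
  if (!(info.authenticatedUsers || []).length) return "not-authenticated";
  const hasRole = (info.authenticatedUserRoles || [])
    .some((r) => r.role === roleName && r.db === "admin");
  if (!hasRole) return "role-not-granted";
  const allowed = (info.authenticatedUserPrivileges || [])
    .some((p) => coversDb(p.resource, dbName) && p.actions.includes(action));
  return allowed ? "allowed" : "role-lacks-action";
}
```

In the mongo shell, pass the live command result as the first argument in place of a sample reply. A "role-not-granted" result points at the LDAP group-to-role mapping rather than at the privileges of dbAdminAnyDatabase.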

MySQL, InnoDB, MariaDB and MongoDB are trademarks of their respective owners.
Copyright ©2005 - 2020 Percona LLC. All rights reserved.