PBM restore mongo 6 failed

MongoDB Percona Backup for MongoDB
1

PBM 2.1.0 Mongo 6
Error: operation failed with: swap users ‘n’ roles: delete current roles: (Unauthorized) not authorized on admin to execute command { delete: “system.roles”, ordered: true, lsid: { id: UUID(“e62f7783-866d-4bc4-996f-c989bef9ee2e”) }, $clusterTime: { clusterTime: Timestamp(1681895759, 4), signature: { hash: BinData(0, 2FC265DC20F7B58B08ABC16BF1DDDD61513442C7), keyId: 7223636036931289094 } }, $db: “admin” }

When I use root also get this error.

Any ideas?

2

After I add the role __system to the root user then restore the success

3

The __system role is a built-in role in MongoDB that grants privileges required for system actions, such as creating or modifying indexes or working with the system collection.
So looks like you restored systems collections and that is why such permission was required

4

image
image1191×611 66.5 KB

I think the error is from the method, swapUsers it will delete roles from the collection system.roles
PBM need to handle the system.roles

5

Hi,

How did you fixed the problem. I’ve tried to restore backup of freshly installed mongodb.
It gives same error.

I used “pbm backup” command to backup and “pbm restore ”.

Starting restore 2024-10-01T05:47:11.981187675Z from ‘2024-10-01T05:41:20Z’…Started logical restore.

Waiting to finish.Error: operation failed with: restoring users and roles: swap users ‘n’ roles: delete current roles: (Unauthorized) not authorized on admin to execute comm

and { delete: “system.roles”, ordered: true, writeConcern: { w: “majority” }, lsid: { id: UUID(“49a45bbd-66d4-4df8-94e5-2bd2ebb61ab0”) }, $clusterTime: { clusterTime: Timest

amp(1727761635, 4), signature: { hash: BinData(0, 8559B2617235CD4DD0E340D384AB98499E770601), keyId: 7418853226931290119 } }, $db: “admin” }

Thanks,

6

it looks like the pbm user doesn’t have the proper privileges. Please check Configure authentication in MongoDB - Percona Backup for MongoDB and confirm that

7

I’ve tried as admin user and pbm user as documentation, result was same.

8

can you post here the output of :

db.getUser("pbmUser")
db.getRole("pbmAnyAction", { showPrivileges: true })

make sure to replace above with the proper pbmUser and pbmAnyAction user/role name you are using.

9

Here is the result.

prod [direct: primary] admin> db.getUser("pbmuser")
{
  _id: 'admin.pbmuser',
  userId: UUID('04a828d4-d02b-4b41-8dd2-423ab4018f70'),
  user: 'pbmuser',
  db: 'admin',
  roles: [
    { role: 'readWrite', db: 'admin' },
    { role: 'clusterMonitor', db: 'admin' },
    { role: 'pbmAnyAction', db: 'admin' },
    { role: 'restore', db: 'admin' },
    { role: 'backup', db: 'admin' }
  ],
  mechanisms: [ 'SCRAM-SHA-1', 'SCRAM-SHA-256' ]
}
prod [direct: primary] admin> db.getRole("pbmAnyAction", { showPrivileges: true })
{
  _id: 'admin.pbmAnyAction',
  role: 'pbmAnyAction',
  db: 'admin',
  privileges: [ { resource: { anyResource: true }, actions: [ 'anyAction' ] } ],
  roles: [],
  inheritedRoles: [],
  inheritedPrivileges: [ { resource: { anyResource: true }, actions: [ 'anyAction' ] } ],
  isBuiltin: false
}
10

Permissions look good. Are you running the latest PBM 2.6.0? in that case please open a bug at Jira - Percona JIRA so our dev team can take a look.