Permissions Help - LDAP grant create database

mdiorio · May 11, 2020, 3:11pm

I’m really new to MongoDB coming from MSSQL and I’m totally confused right now.
I have LDAP configured and working. A user can log into Mongo and with the role I have, can at least view the databases and collections.

admin.createRole({role: “CN=MongoAdmins,OU=Applications,OU=SecurityGroups,DC=internal,DC=domain,DC=com”,privileges:,roles: [“dbAdminAnyDatabase” ]})

I thought dbAdminAnyDatabase would grant enough permissions to allow your developers to create databases, collection and generally administer things. But they aren’t allowed to really do a thing but log in and view.

How do I properly grant the permissions I really want? This group of users should be able to create databases and fully administer everything but users really.

Thanks!

Igor_Solodovnikov · May 26, 2020, 2:17am

Hello @mdiorio
dbAdminAnyDatabase role includes permission to create collections as is documented @ https://docs.mongodb.com/manual/reference/built-in-roles/
You can also check other necessary permission/roles there.
If you cannot create collections then you need to check if expected roles were correctly granted to logged-in user. To do this you need to execute this command:

db.runCommand({connectionStatus : 1})

Then check ‘authenticatedUserRoles’ array in the output

Topic		Replies	Views
Support for LDAP (Active Directory) Security Groups Percona Server for MongoDB	6	2108	May 14, 2020
Ldap authorization with percona mongodb Percona Server for MongoDB percona , mongodb	9	985	October 13, 2021
Cannot import database create users on a newly created mongodb cluster Percona Operator for MongoDB	2	402	December 20, 2023
Enable Authorisation on Percona MongoDB Docker Percona Server for MongoDB troubleshooting , percona , mongodb , closed-no-reply	0	618	June 16, 2023
Mongo,mysql,postgres	3	1296	December 25, 2022

Permissions Help - LDAP grant create database

Related topics