Warning: file_get_contents(/data/phpspider/zhask/data//catemap/6/mongodb/12.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Mongodb 更新角色用户:管理员未授权执行命令_Mongodb_Permissions_Rbac_Replicaset - Fatal编程技术网
Fatal编程技术网
  • mongodb/
  • Mongodb 更新角色用户:管理员未授权执行命令

Mongodb 更新角色用户:管理员未授权执行命令

mongodb permissions

Mongodb 更新角色用户:管理员未授权执行命令,mongodb,permissions,rbac,replicaset,Mongodb,Permissions,Rbac,Replicaset,当我尝试获取有关复制副本的信息时,出现以下错误: rep0:PRIMARY> rs.printReplicationInfo() 2015-05-19T13:30:29.231+0200 error: { "$err" : "not authorized for query on local.system.namespaces", "code" : 13 } at src/mongo/shell/query.js:131 rep0:PRIMARY>

当我尝试获取有关复制副本的信息时,出现以下错误:

rep0:PRIMARY> rs.printReplicationInfo()
2015-05-19T13:30:29.231+0200 error: {
        "$err" : "not authorized for query on local.system.namespaces",
        "code" : 13
} at src/mongo/shell/query.js:131

rep0:PRIMARY> db.system.users.update({"user":"mongoadmin"},{$addToSet:{"roles":"readAnyDatabase"}})
WriteResult({
        "writeError" : {
                "code" : 13,
                "errmsg" : "not authorized on admin to execute command { update: \"system.users\", updates: [ { q: { user: \"mongoadmin\" }, u: { $addToSet: { roles: \"readAnyDatabase\" } }, multi: false, upsert: false } ], ordered: true }"
        }
})
我已尝试使用以下两个用户执行该命令:

    [
        {
                "_id" : "admin.siteRootAdmin",
                "user" : "siteRootAdmin",
                "db" : "admin",
                "roles" : [
                        {
                                "role" : "root",
                                "db" : "admin"
                        }
                ]
        },
        {
                "_id" : "admin.mongoadmin",
                "user" : "mongoadmin",
                "db" : "admin",
                "roles" : [
                        {
                                "role" : "userAdminAnyDatabase",
                                "db" : "admin"
                        },
                        {
                                "role" : "dbOwner",
                                "db" : "admin"
                        },
                        {
                                "role" : "clusterAdmin",
                                "db" : "admin"
                        }
                ]
        }
]
虽然我有
clusterAdmin
角色来处理副本,但我尝试更新mongoadmin的角色以读取本地数据库(因为所有角色都是在admin db上授予的),但我得到以下错误:

rep0:PRIMARY> rs.printReplicationInfo()
2015-05-19T13:30:29.231+0200 error: {
        "$err" : "not authorized for query on local.system.namespaces",
        "code" : 13
} at src/mongo/shell/query.js:131

rep0:PRIMARY> db.system.users.update({"user":"mongoadmin"},{$addToSet:{"roles":"readAnyDatabase"}})
WriteResult({
        "writeError" : {
                "code" : 13,
                "errmsg" : "not authorized on admin to execute command { update: \"system.users\", updates: [ { q: { user: \"mongoadmin\" }, u: { $addToSet: { roles: \"readAnyDatabase\" } }, multi: false, upsert: false } ], ordered: true }"
        }
})
  • 我需要什么才能完全访问所有 除了
    clusterAdmin
    角色之外,还有复制命令吗
  • 如果两个用户中的任何一个都有管理数据库的权限(mongoadmin是dbOwner),为什么我没有更新命令的权限
我用错误的命令更新角色,这里是正确的命令:

db.grantRolesToUser( "mongoadmin", [{ role: "read", db: "local"}])
现在我可以查看复制信息:

rep0:PRIMARY> rs.printReplicationInfo()
configured oplog size:   990MB
log length start to end: 617347secs (171.49hrs)
oplog first event time:  Thu May 14 2015 14:25:04 GMT+0200 (CEST)
oplog last event time:   Thu May 21 2015 17:54:11 GMT+0200 (CEST)
now:                     Thu May 21 2015 17:54:24 GMT+0200 (CEST)