> use admin;
switched to db admin
> db.runCommand({connectionStatus : 1})
{
"authInfo" : {
"authenticatedUsers" : [
{
"user" : "admin",
"db" : "admin"
}
],
"authenticatedUserRoles" : [
{
"role" : "readWriteAnyDatabase",
"db" : "admin"
},
{
"role" : "clusterAdmin",
"db" : "admin"
},
{
"role" : "dbAdminAnyDatabase",
"db" : "admin"
}
]
},
"ok" : 1
}
> db.grantRolesToUser("admin", [{role: "readWrite", db: "mydatabase"}])
2019-11-02T21:53:23.576+0000 E QUERY [js] uncaught exception: Error: not authorized on admin to execute command { grantRolesToUser: "admin", roles: [ { role: "readWrite", db: "mydatabase" } ], writeConcern: { w: "majority", wtimeout: 600000.0 }, lsid: { id: UUID("7f945e1d-4165-4f23-9e83-d209e81d5417") }, $db: "admin" } :
这是我的问题的摘要
我创建了一个管理员用户,几乎可以无限访问
我与该管理员用户进行了身份验证,并试图授予角色
我收到未经验证的错误???
在ubuntu 18.04 上运行mongodb 4.2
要授予角色,您需要grantRole操作权限。此操作在userAdmin内置角色中可用。
您的admin用户当前只有readWriteAnyDatabase、clusterAdmin和dbAdminAnyDatabase角色。您需要将userAdmin添加到该列表中,以允许它将其他角色授予另一个用户。