1. Scenario:-
I have a main database, say portal_mongodb. Under portal_mongodb, I have a user portal_mongodba with role permission {'role': 'dbOwner', 'db' : portal_mongodb}
My env setup is this:-
MONGODB_CONNECTION=mongodb
MONGODB_HOST=localhost
MONGODB_PORT=27017
MONGODB_DATABASE=portal_mongodb
MONGODB_USERNAME=portal_mongodba
MONGODB_PASSWORD=portal_password
MONGODB_MASTER_DATABASE=portal_mongodb
I want to create a new database dynamically, but don't want to create any user for it. I want to grant the existing user portal_mongodba the new roles like this:-
[
  {role: 'dbOwner', db: 'new_db'},
  {role: 'readWrite', db: 'new_db'},
  {role: 'dbAdmin', db: 'new_db'}
]
where new_db is the new dynamically created database.
This is my code in PHP:-
$connectionString = 'mongodb://' . env('MONGODB_USERNAME') . ':' . env('MONGODB_PASSWORD') . '@' . env('MONGODB_HOST') . ':' . env('MONGODB_PORT') . '/?authSource=' . env('MONGODB_DATABASE');
$client = new MongoClient($connectionString); // Connect to MongoDB server
$database = $client->$databaseName; // setting new database;
$manager = new MongoManager($connectionString); // setting mongodb manager to execute command
$command = array(
    'grantRolesToUser' => env('MONGODB_USERNAME'),
    'roles' => array(
        array(
            'role' => 'dbAdmin',
            'db' => $databaseName
        ),
        array(
            'role' => 'readWrite',
            'db' => $databaseName
        ),
        array(
            'role' => 'dbOwner',
            'db' => $databaseName
        )
    )
); // command structure to grant role to existing user
$manager->executeCommand(env('MONGODB_DATABASE'), new MongoCommand($command)); // execute command to grant role
$database->$collectionName->insertOne(array('key' => 'value')); // Insert a document into a collection
2. How I created database and user in Live server:-
I created it via mongoshell. Here are the commands:-
1. Select admin DB:-
use admin
2. Create a new user under admin DB:-
db.createUser({user: "portalAdmin", pwd: "portalAdminPassword",
  roles: [
    { role: "userAdminAnyDatabase", db: "admin"},
    { role: "root", db: "admin"}
  ]
})
3. Create a new db:-
use lppportal_mongodb
4. Authenticate portalAdmin before creating user
db.auth( "portalAdmin", "portalAdminPassword" )
5. Create portal user
db.createUser({user: "portal_mongodba", pwd: "portal_password",
  roles: [{ role: "dbOwner", db: "portal_mongodb"}]
})
3. How I created the local db:-
From mongoDB compass,
1. Created database
use portal_mongodb
2. Created portal user
db.createUser({user: "portal_mongodba", pwd: "portal_password",
  roles: [{ role: "dbOwner", db: "portal_mongodb"}]
})
4. Issue:-
The above code runs perfectly well on the local development machine, but not on the server. But that shouldn't be the case. Both the local user setup and the server user setup are the same. Here are the details:-
A. LIVE Server Data:-
MongoDB user structure
[
  {
    _id: 'portal_mongodb.portal_mongodba',
    userId: UUID('8aa75c1c-e616-403e-a5e9-0bc260abc3b6'),
    user: 'portal_mongodba',
    db: 'portal_mongodb',
    roles: [
      {
        role: 'dbOwner',
        db: 'portal_mongodb'
      }
    ],
    mechanisms: [
      'SCRAM-SHA-1',
      'SCRAM-SHA-256'
    ]
  }
]
env data
MONGODB_CONNECTION=mongodb
MONGODB_HOST=localhost
MONGODB_PORT=27017
MONGODB_DATABASE=portal_mongodb
MONGODB_USERNAME=portal_mongodba
MONGODB_PASSWORD=portal_password
MONGODB_MASTER_DATABASE=portal_mongodb
B. Local Server Data
MongoDB user structure
[
  {
    _id: 'portal_mongodb.portal_mongodba',
    userId: UUID('9a95223e-393c-4c40-acca-4e3e46ee98b0'),
    user: 'portal_mongodba',
    db: 'portal_mongodb',
    roles: [
      {
        role: 'dbOwner',
        db: 'portal_mongodb'
      }
    ],
    mechanisms: [
      'SCRAM-SHA-1',
      'SCRAM-SHA-256'
    ]
  }
]
env data
MONGODB_CONNECTION=mongodb
MONGODB_HOST=localhost
MONGODB_PORT=27017
MONGODB_DATABASE=portal_mongodb
MONGODB_USERNAME=portal_mongodba
MONGODB_PASSWORD=portal_password
MONGODB_MASTER_DATABASE=portal_mongodb
So basically both the env files and the user structures are the same.
5. Error Message:-
Error Message:- not authorized on portal_mongodb to execute command { grantRolesToUser: "portal_mongodba", roles: [ { role: "dbAdmin", db: "little_buds" }, { role: "readWrite", db: "little_buds" }, { role: "dbOwner", db: "little_buds" } ], $db: "portal_mongodb", lsid: { id: UUID("fd6bb158-f8bb-4eb8-8f45-c79667f66cc2") } }
How can I fix this?
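
A diagnostic for the error above, added here as an example and not part of the original post: `grantRolesToUser` requires the `grantRole` action on the database of each role being granted, and `dbOwner` on `portal_mongodb` carries that action only for `portal_mongodb`. The function names and the sample `connectionStatus` document are constructed for illustration; the real document comes from running `db.runCommand({ connectionStatus: 1, showPrivileges: true })` as `portal_mongodba` on each server.

```javascript
// Added example, not from the original post.
// Input: the document returned by
//   db.runCommand({ connectionStatus: 1, showPrivileges: true })
// grantRolesToUser needs the grantRole action on the database of every role granted.

// True if a privilege resource document covers the whole database `dbName`.
function resourceCoversDb(resource, dbName) {
  if (resource.anyResource === true) return true;
  if (resource.collection !== "") return false; // cluster or single-collection resource
  // db === "" means "any database" (simplification: local/config handling ignored).
  return resource.db === "" || resource.db === dbName;
}

// Returns the target databases on which the authenticated user lacks grantRole.
function databasesMissingGrantRole(connectionStatus, roles) {
  const privileges = connectionStatus.authInfo.authenticatedUserPrivileges || [];
  const targets = [...new Set(roles.map((r) => r.db))];
  return targets.filter((dbName) =>
    !privileges.some((p) =>
      p.actions.includes("grantRole") && resourceCoversDb(p.resource, dbName)));
}

// Constructed sample: abridged privileges of a user holding only dbOwner on portal_mongodb.
const sampleStatus = {
  authInfo: {
    authenticatedUsers: [{ user: "portal_mongodba", db: "portal_mongodb" }],
    authenticatedUserRoles: [{ role: "dbOwner", db: "portal_mongodb" }],
    authenticatedUserPrivileges: [
      { resource: { db: "portal_mongodb", collection: "" },
        actions: ["createUser", "find", "grantRole", "insert", "revokeRole", "update"] },
      { resource: { db: "portal_mongodb", collection: "system.profile" },
        actions: ["find"] },
    ],
  },
  ok: 1,
};

// Roles taken from the failing command in the error message.
const requestedRoles = [
  { role: "dbAdmin", db: "little_buds" },
  { role: "readWrite", db: "little_buds" },
  { role: "dbOwner", db: "little_buds" },
];

console.log(databasesMissingGrantRole(sampleStatus, requestedRoles));
```

If the two servers return different privilege lists for the same user, or one returns none at all, that difference is where the local and live setups diverge.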