Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

No database shown for Atlas user only has permissions on specific databases #1368

Closed
drewfle opened this issue Jun 2, 2017 · 9 comments
Closed

Comments

@drewfle
Copy link

drewfle commented Jun 2, 2017

For MongoDB Atlas user, when the database user only has readWrite permission on specific databases, after connecting to the cluster, no database shown in Robomongo. And Show log gives:

Error while trying to show global log: not authorized on admin to execute command { getLog: "global" }

I assume I am using an application mongodb user that only has readWrite permission on a database. To mitigate this issue, I add an extra permission to this user, and the usable permission combination in MongoDB Atlas is as below:

  1. clusterMonitor@admin
  2. readWrite@

I guess it works because getLog works?

Anyway, is it possible to add a connection option that allows database user only has read/readWrite permission to use Robomongo?

@drewfle drewfle changed the title No database shown for Atlas user with only permissions on specific databases No database shown for Atlas user only has permissions on specific databases Jun 2, 2017
@juliashibalko juliashibalko self-assigned this Jun 5, 2017
@simsekgokhan
Copy link
Collaborator

simsekgokhan commented Jun 15, 2017

Hi @drewfle , thanks for reporting the problem.
We have reproduced the issue and it seems like a real problem which might require code change. We will investigate.

@markwclancy
Copy link

markwclancy commented Nov 9, 2017

+1 to fix this asap please

@arnoldligtvoet
Copy link

arnoldligtvoet commented Jan 26, 2018

I can confirm this issue as well. My setup is:

  • admin user that has all rights
  • production user with read/write on specific database
  • databases hosted at MongoDB Atlas 3.6

When I logon to the cluster using Robo 3T as production user I see the replica set and the system folder, but no databases at all. When I logon using Robo 3T as the admin user I see the replica set, system folder and three databases (one of which the production user has r/w rights on).

When I use MongoDB Compass Community with the same credentials for the production user I get to see (and use) the database on which this user has r/w rights.

The setup I am using:
Connection - Type : replica set
Connection - Name : arbitrary name
Connection - Members : URL to all three members
Connection - Set name : name of the rs

Auth - Perform Auth : yes
Auth - Database : admin
Auth - User & Pass : credentials
Auth - Mech : SCRAM-SHA-1

SSH : no

SSL : yes, self signed, no PEM or advanced

Advanced : Default db empty (also tried putting name of db in there, does not make a difference)

@EitherZeroOrOne
Copy link

EitherZeroOrOne commented Nov 14, 2018

Hello, I just faced this issue this morning and was wondering if there's any progress on it at all? We have a real use case where a mongo user needs to just see one database using Robo3T, and at this point in time it does not seem possible without also giving clusterMonitor role to the user, which is less than ideal.

Thanks.

@siennamw
Copy link

siennamw commented Feb 1, 2019

👍

@vijayanettem
Copy link

vijayanettem commented Feb 12, 2019

Any fix for this? Workaround provided works but need a permanent solution for Robo3T. It works fine on Studio3T though.

@simsekgokhan
Copy link
Collaborator

simsekgokhan commented Feb 13, 2019

Root cause of the problem seems to be coming from MongoDB command listDatabases. This command can be run only by admin and not by authenticated users which is causing our problem in this ticket.
The fix seems to be in MongoDB version r4.1.8 which was released 21 hours ago.
At this moment, the new Robo 1.3 has already been upgraded from MongoDB 3.4 to 4.0.5, soon to be released.

To fix this problem, we will need to upgrade MongoDB drivers at least to 4.1.8 in the next Robo releases.

Details:
https://jira.mongodb.org/browse/SERVER-6898
Message: SERVER-6898 Enable listDatabases for all users
Branch: master
mongodb/mongo@a34fa65

@simsekgokhan
Copy link
Collaborator

simsekgokhan commented Feb 14, 2019

And as a workaround this seems to be working:
Create a new database with the name of existing db to which the user is authenticated.

Original comment: #389 (comment)

@simsekgokhan simsekgokhan added this to Candidates in Robo 3T 1.4 - Candidates Mar 20, 2019
simsekgokhan added a commit that referenced this issue Jun 14, 2020
@simsekgokhan
Copy link
Collaborator

simsekgokhan commented Dec 29, 2020

Hi all, we have added a related feature in v1.4.
I hope it will help you -> https://blog.robomongo.org/robo-3t-1-4/#a2

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Development

No branches or pull requests

8 participants