我最近从 4.0.2
升级到了 mongo 4.2.0
。在以前的版本中,用户可以访问 system.indexes,但升级后,用户无法访问 system.indexes 集合。用户已具有读写角色。此外,我尝试提供 dbAdmin,但仍然没有成功。
为 mongo 启用调试日志后,它显示未授权查询 testdb.system.indexes src/mongo/db/commands/find_cmd.cpp 170
。
有人遇到过这个问题吗?
下面是
的输出
{
"role" : "read",
"db" : "testdb",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ],
"privileges" : [
{
"resource" : {
"db" : "testdb",
"collection" : ""
},
"actions" : [
"changeStream",
"collStats",
"dbHash",
"dbStats",
"find",
"killCursors",
"listCollections",
"listIndexes",
"planCacheRead"
]
},
{
"resource" : {
"db" : "testdb",
"collection" : "system.js"
},
"actions" : [
"changeStream",
"collStats",
"dbHash",
"dbStats",
"find",
"killCursors",
"listCollections",
"listIndexes",
"planCacheRead"
]
}
],
"inheritedPrivileges" : [
{
"resource" : {
"db" : "testdb",
"collection" : ""
},
"actions" : [
"changeStream",
"collStats",
"dbHash",
"dbStats",
"find",
"killCursors",
"listCollections",
"listIndexes",
"planCacheRead"
]
},
{
"resource" : {
"db" : "testdb",
"collection" : "system.js"
},
"actions" : [
"changeStream",
"collStats",
"dbHash",
"dbStats",
"find",
"killCursors",
"listCollections",
"listIndexes",
"planCacheRead"
]
}
]
}
最佳答案
我可以通过为 system.indexes 集合创建新角色并将此角色附加到用户来解决此问题。
db.createRole({role : "readWriteSystem", privileges: [{resource: { db: "testdb", collection: "system.indexes" }, actions: [ "changeStream", "collStats", "convertToCapped", "createCollection", "createIndex", "dbHash", "dbStats", "dropCollection", "dropIndex", "emptycapped", "find", "insert", "killCursors", "listCollections", "listIndexes", "planCacheRead", "remove", "renameCollectionSameDB", "update" ]}], roles:[]})
db.grantRolesToUser('testuser', ['readWriteSystem'])
奇怪的是,当您通过替换二进制文件升级 mongo 时会发生此问题。
我尝试安装一个 4.2 mongo 的新实例,然后将数据复制到它,它工作正常。但由于某些技术原因,我无法在生产中执行此操作。
尊敬的 Mongo 团队,
我尝试使用 https://docs.mongodb.com/manual/tutorial/upgrade-revision/#upgrade-replace-binaries 升级 mongo ,但遇到了上述问题。我认为 doc 缺少与 system.indexes
访问相关更改
关于mongodb - 未授权在 mongo 4.2 中对 testdb.system.indexes src/mongo/db/commands/find_cmd.cpp 170 进行查询,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/57721306/