PyMongo:"not authorized on db to execute command" 但角色和凭据没问题
PyMongo: "not authorized on db to execute command" but roles and credentials are ok
我有两个用户,admin 和 user。
use admin
db.getUser('admin')
{
_id: 'admin.admin',
userId: UUID("xx"),
user: 'admin',
db: 'admin',
roles: [
{ role: 'userAdminAnyDatabase', db: 'admin' },
{ role: 'readWriteAnyDatabase', db: 'admin' }
],
mechanisms: [ 'SCRAM-SHA-1', 'SCRAM-SHA-256' ]
}
use mydb
db.getUser('user')
{
_id: 'mydb.user',
userId: UUID("xx"),
user: 'user',
db: 'mydb',
roles: [ { role: 'readWrite', db: 'mydb' } ],
mechanisms: [ 'SCRAM-SHA-1', 'SCRAM-SHA-256' ]
}
如果我使用 mongosh 或 MongoDB Compass 以 user 身份登录,我完全可以执行任何读取或写入查询,但如果我使用 PyMongo 游标尝试任何操作:
r = list(mongo.db.mycollection.find())
我得到:
pymongo.errors.OperationFailure: not authorized on db to execute command { find: "mycollection", filter: {}, lsid: { id: UUID("xx") }, $db: "db", $readPreference: { mode: "primaryPreferred" } }, full error: {'ok': 0.0, 'errmsg': 'not authorized on db to execute command { find: "config", filter: {}, lsid: { id: UUID("xx") }, $db: "db", $readPreference: { mode: "primaryPreferred" } }', 'code': 13, 'codeName': 'Unauthorized'}
但是如果我使用管理员来做同样的事情,一切都很好。
我的猜测是它通过了身份验证但没有进入指定的数据库,它可能到达了其他一些默认数据库,这就是为什么它说它没有授权(尽管我在 URI 中指定了它)。
这是我的 URI:
mongodb://user:passwd@localhost:27017/mydb?authSource=mydb&readPreference=primary&appname=myapp&ssl=false
关于如何调试我的问题有什么想法吗?
我想 python 在后台运行一些额外的查询。
来自 MongoDB 文档:
Roles which are created in other database than admin can only include privileges that apply to its database and can only inherit from other roles in its database.
A role created in the admin database can include privileges that apply to any database or to the cluster resource, and can inherit from roles in other databases as well as the admin database.
我建议在 admin 数据库中创建用户并相应地授予角色:
db.getSiblindDB("admin").createUser( {
user: "user",
pwd: "<password>"
roles: [ { role: "readWrite", db: "mydb" }]
})
我有两个用户,admin 和 user。
use admin
db.getUser('admin')
{
_id: 'admin.admin',
userId: UUID("xx"),
user: 'admin',
db: 'admin',
roles: [
{ role: 'userAdminAnyDatabase', db: 'admin' },
{ role: 'readWriteAnyDatabase', db: 'admin' }
],
mechanisms: [ 'SCRAM-SHA-1', 'SCRAM-SHA-256' ]
}
use mydb
db.getUser('user')
{
_id: 'mydb.user',
userId: UUID("xx"),
user: 'user',
db: 'mydb',
roles: [ { role: 'readWrite', db: 'mydb' } ],
mechanisms: [ 'SCRAM-SHA-1', 'SCRAM-SHA-256' ]
}
如果我使用 mongosh 或 MongoDB Compass 以 user 身份登录,我完全可以执行任何读取或写入查询,但如果我使用 PyMongo 游标尝试任何操作:
r = list(mongo.db.mycollection.find())
我得到:
pymongo.errors.OperationFailure: not authorized on db to execute command { find: "mycollection", filter: {}, lsid: { id: UUID("xx") }, $db: "db", $readPreference: { mode: "primaryPreferred" } }, full error: {'ok': 0.0, 'errmsg': 'not authorized on db to execute command { find: "config", filter: {}, lsid: { id: UUID("xx") }, $db: "db", $readPreference: { mode: "primaryPreferred" } }', 'code': 13, 'codeName': 'Unauthorized'}
但是如果我使用管理员来做同样的事情,一切都很好。
我的猜测是它通过了身份验证但没有进入指定的数据库,它可能到达了其他一些默认数据库,这就是为什么它说它没有授权(尽管我在 URI 中指定了它)。
这是我的 URI:
mongodb://user:passwd@localhost:27017/mydb?authSource=mydb&readPreference=primary&appname=myapp&ssl=false
关于如何调试我的问题有什么想法吗?
我想 python 在后台运行一些额外的查询。
来自 MongoDB 文档:
Roles which are created in other database than
admincan only include privileges that apply to its database and can only inherit from other roles in its database.A role created in the
admindatabase can include privileges that apply to any database or to the cluster resource, and can inherit from roles in other databases as well as theadmindatabase.
我建议在 admin 数据库中创建用户并相应地授予角色:
db.getSiblindDB("admin").createUser( {
user: "user",
pwd: "<password>"
roles: [ { role: "readWrite", db: "mydb" }]
})