I am using MongoDB Atlas as my database.
I am using angular4 with loopback as api.
My application connects to my database fine. However, when I try to get data, I get this error (I have replaced my dbname with dbname):
MongoError: user is not allowed to do action [find] on [dbname.$cmd]
The query works fine if I use a local mongodb client or a mongodb instance on AWS. However, when using atlas, I get this error.
In the Atlas cluster, select Security, go to Database Access click on Edit under database user privileges select Built-in role and under the dropdown select Read and write to any database to the user. Try again or refresh your connection to see the result.
atlasAdmin –
Pelagia Ugh! This took way too much time to fix! For those of you who have the same issue. I had to do both:
1> I had this error, my problem was that I had not changed the database name from "test" to my own database when coping the connection string. – Meier Dec 8 '17 at 12:43
2>
"mongodb://:@cluster0-shard-00-00- rb899.mongodb.net:27017,cluster0-shard-00-01- rb899.mongodb.net:27017,cluster0-shard-00-02- rb899.mongodb.net:27017/?ssl=true&replicaSet=Cluster0-shard- 0&authSource=admin"
Also, In Atlas, you have to specify the older driver 2.2.12 or later. After doing these things it finally worked.
Thanks all!
I had the same error myself.
If you are using v.3.0 of the MongoDB NodeJS driver refer to MikaS post for the MongoClient.connect changes that need to be made. https://mcmap.net/q/129940/-db-collection-is-not-a-function-when-using-mongoclient-v3-0
To connect your application to Atlas MongoDB use the 3.4 driver eg.
mongodb://<USERNAME>:<PASSWORD>@cluster0-shard-00-00-
rb899.mongodb.net:27017,cluster0-shard-00-01-
rb899.mongodb.net:27017,cluster0-shard-00-02-
rb899.mongodb.net:27017/<DBNAME>?ssl=true&replicaSet=Cluster0-shard-
0&authSource=admin
Changed the Role in MongoDB Roles under Database Access to "AtlasAdmin" and it worked.
In the Atlas cluster, click Database Access under SECURITY on the left sidebar.
Click on the button Edit and then add a role atlasAdmin@admin to the user.
https://docs.mlab.com/troubleshooting-atlas-connection-issues/#getlog-error
For anyone get the user is not allowed to do action [getLog] on [admin.] error. Had to explicitly give the user the clusterMonitor role
You can go to Atlas->Security->Database Access tab and add new user with Atlas admin role and then you can connect with the following cmd
mongo "mongodb+srv://cluster0.0q8wi.mongodb.net/admin" --username <username> -p <password>
Usually, this error happens because your current user in the database haven't suitable credentials.
Database Access below the Security section.edit the user which you added.
Built-in Role section, select Atlas admin) and press Update User button.
Go to Atlas website
Database Access > Database Users > Edit(your user) > Built-in Role >> change to Atlas admin
If you get the following error modifying a view on a table, I found that you needed to give "atlas admin" permission.
user is not allowed to do action [collMod] on [<database>.accounts-list]
The standard readWriteAnyDatabase@admin did not work for me. Give the user "Atlas admin" permission.
Go to Database Access->Edit->Build-in-Role->Select atlas_admin update user
If you are using v3.0 mongodb for Node.js you should use the new API as follows, and the MongoDB Atlas URI connection string for driver 3.4 and earlier:
MongoClient.connect(uri, function(err, client) {
console.log("Connected successfully to server");
const db = client.db(dbName);
});
Make sure to whitelist the IP you are using to connect from the Mongo CLI to your DB. Do this under the project Network Access tab.
If you get the error " user is not allowed to do action [insert]. In your mongoDb account, navigate to Database Access then click on the edit button for the user trying to access, navigate to special privileges and click on "Add special Previledge" select the role option and change the role to "readWriteAnyDatabase"
I had the same error when using MongoDB and trying to add data. Finally, I found the solution. The connect string needs to add the project name:
mongodb+srv://:@cluster0.pm9okyd.mongodb.net/?retryWrites=true&w=majority
The project name can be seen in this picture.
To create or modify a database user, please go to cloud.mongodb.com and go to the Database Access tab and make sure that your user has the readWriteAnyDatabase@admin access so you can read or write the data in your MongoDB database
Check it please https://www.mongodb.com/community/forums/t/mongoservererror-user-is-not-allowed-to-do-action/166721
I got past this by getting the collection object directly and executing find (and other operations) on it:
try {
mongoose.connect(MONGODB_URI, options)
const db = mongoose.connection
db.on("error", console.error.bind(console, "connection error:"))
db.once("open", async () => {
console.log("we're connected!")
const collectionObj = db.collection(ATLAS_COLLECTION)
const result = await collectionObj.find({}).toArray()
console.log(result)
}) } catch (error) { console.log({ error }) }
I had the same issue and how I fixed it : Make sure you add the correct MongoDB URL : . Go to Cluster - Connect . Choose 'Connect your Application' . Copy the Url (don't forget to fill out your MongoDB password)
All you need to do is change the user rol to "atlasAdmin" at MongoDB Atlas (DataBase Access)
This also happens if you didn't load credentials correctly, you might have started the script that doesn't load .env variables in case you stored credentials in them (ex. nodemon.json)
the issue is that in database access user have some restriction maybe. --------solution: you dont have to create the user in database Access. you can create when you connect to cluster0--------
Go to Database access Edit your user and under built in roles select Atlas Admin and save the changes, it should work
I solved issue by adding authMechanism: 'SCRAM',
type: 'mongodb',
url: 'mongodb+srv://<account>:<password>@cluster0.pm9okyd.mongodb.net/<projectname>?retryWrites=true&w=majority',
authSource: 'admin',
useNewUrlParser: true,
synchronize: true,
logging: true,
useUnifiedTopology: true,
entities: ['dist/**/*.entity{.ts,.js}'],
loggerLevel: 'debug',
authMechanism: 'SCRAM',
To create or modify a database user, please go to cloud.mongodb.com and go to the Database Access tab and make sure that your user has the readWriteAnyDatabase@admin access so you can read or write the data in your MongoDB database with…
empty collection name means "all". Do not use the '*' wild card
check if your database & collection names are correct. Cloud Atlas won't validate the information you provide and maybe the issue is just a typo
This response is for those trying to limit their account rights and follow the Least Privilege Access Policy.
Long Story, Short: readWriteAnyDatabase@admin is too powerful and a security breach. Give only the necessary rights if you want to go safe.
How to do it (Atlas/Services/Security):
Built-in Role: Atlas Admin, ReadWriteAnyDatabase, ReadAnyDatabase - Easiest Step, but the "any database" should scare us all
Custom Role: I recommend this one because it's scalable as you can use roles with other accounts
Specific Privilege: it's the same as before, but cannot be replicated to other users
The error we are addressing is: user is not allowed to do action [find] on [a_database.my_collection].
We start from Atlas/Services/Security, adding/editing a user:
Solution: We will create a new role for a database named a_database and we will check the strategies for the Collection Name. Select only the rights the user will need usually: find, insert, remove, update.
Database Name: A bit confusing, because it's the ones listed under collections in the Cloud Atlas.
Custom Role is Ready:
Important: If you have many collections, leave it empty instead of using the wildcard * in the collection name. If you want to restrict access, you must create multiple actions representing each of the collections.
Some Examples of How to Use this. See that we are referencing two different collections of the same "a_database" and we left b_database empty, to represent all the collections. Be careful with the names there, Atlas won't validate and this might be the cause of your error.
References: Least Privilege Access Policy Mongo DB Roles
sometimes Api and MongoDB compass, shell (clients) doesn't allow for deleting the database. In that way to delete the database in MongoDB.
© 2022 - 2024 — McMap. All rights reserved.