4

I'm using MongoDB Atlas and I've recently started to get this error on my MongoDB replica:

user is not allowed to do action [find] on [mydb.system.indexes]

Nothing really has changed, so I'm wondering what can be an issue. The user has readWrite role on mydb and from the docs it looks like it should have the right to do it. Also, I've tried to change the user to admin user which has any rights, but still got this error. Interesting that system collection doesn't exists in mydb but Spring Data tries to query it and gets this error.

Here is a full log from mongo:

Error: error: {
    "ok" : 0,
    "errmsg" : "user is not allowed to do action [find] on [mydb.system.indexes]",
    "code" : 8000,
    "codeName" : "AtlasError"
}

MongoDB connection URI looks like this:

spring.data.mongodb.uri=mongodb+srv://[USER]:[PASSWORD]@[MONGO_URL].mongodb.net/mydb

I'm using Spring Boot 2.0.1.RELEASE with mongo java driver of version 3.6.3. Version of the Mongo replica is 3.4.14. Any idea what's going on and how this can be fixed? Upgrading user role doesn't help here.

yyunikov
  • 5,719
  • 2
  • 43
  • 78
  • `system` is created in **every** mongodb database namespace. It's just that it's not there when nothing is in it. The error message could be more clear but is basically means the user you are authenticating lacks the privilege to read this. From the [Built In Roles](https://docs.mongodb.com/manual/reference/built-in-roles/#database-user-roles) this should be assigned to users inherriting the `read` role, and a common role for most applications should generally be `readWrite`. If your user does not have these roles ( or inherited from ) then the accounts are incorrectly set up. – Neil Lunn Apr 23 '18 at 06:40

1 Answers1

8

MongoDB Atlas forbids direct calls to some system. collections and they specify that in the doc and db.<COLLECTION>.getIndexes() should be used instead. In my case MongoBee library was making system.indexes call and causing the issue. See my answer here for more details.

yyunikov
  • 5,719
  • 2
  • 43
  • 78
  • 1
    More specifically, the [`listIndexes` command](https://docs.mongodb.com/manual/reference/command/listIndexes/) should be used in MongoDB 3.0+ (which is the same command called by the `db.collection.getIndexes` shell helper). Direct access to the `system.indexes` collection is a carryover from the legacy MMAPv1 implementation: the introduction of the storage engine API in MongoDB 3.0 added a supported command interface. – Stennie Apr 24 '18 at 23:47
  • Submitted a pull request to MongoBee library with the fix https://github.com/mongobee/mongobee/pull/87 – yyunikov May 05 '18 at 06:33