[Atlas] Authentication failed for running compact command on oplog.rs with atlasAdmin role

I use MongoDB Atlas M20 instance.
I had an issue with huge oplog size(50GB) with storage auto scale option enabled.
So I turned off auto scaling and set Maximum Oplog Size as 990MB to prevent oplog size going to large.
Next, I wanted to run compact command on oplog collection to make disk size smaller but failed to run with authentication failed message.

	"message" : "not authorized on local to execute command { compact: 'oplog.rs', $clusterTime...

I found related articles but nobody seems to have an authentication issue like me.

Can anyone give me an advice?

This is a more detailed status of my instance.




AWS / Tokyo (ap-northeast-1)


M20 (General)


Replica Set - 3 nodes

Atlas admin role may not be having privilege to run compact command
May be you have to create a custom role giving explicit privileges/actions

1 Like

You can try dbAdmin@local to see if that works for you.

I’m facing the same issue, and i have tried creating the custom role (allowing compact operation on local database) through the Atlas UI and the shell without success. I have read that atlasAdmin does not have write permissions on local and config databases as stated in https://www.mongodb.com/docs/atlas/mongodb-users-roles-and-privileges/#built-in-roles. Does anyone know how to achieve so? Is it something support has to do for you?

Finally, after paying for support, i was sent an article with all the necessary steps.

The main issue the OP (and myself ) where having, is that the “dbAdmin” role has to be specifically added on “local” database as a Custom Role, and then assign it to the user performing the actions on the DB.

This doesn’t appear on the community documentation, and it would be nice to add it for future reference.

Then you can issue the compact command as db.runCommand({compact: “oplog.rs”}) on the secondaries. For the primary, you will have to use the Test Failover feature, then proceed as with the secondaries.