We made a user on our 6.0.12 mongo cluster that has readWrite access on specific collections within a database. However, createSearchIndexes fails with “not authorized on $db to execute command $blah”
The documentation indicates that createSearchIndexes is covered by readWrite. Is that true for version 6.0.12, or only the latest v7 version?
We upgraded to 7.0.4 and still get the same error.
Looks like the example in the documentation is technically correct because scoping `readWrite` to a database will allow you to make search indices within that database.
However,

> If your deployment enforces access control, the user running the `createSearchIndexes` command must have the `createSearchIndexes` privilege action on the database or collection
This (^) ends up not being correct because giving `readWrite` on a specific db/collection causes not authorized errors like this one:
```
not authorized on my_db to execute command { createSearchIndexes: "_hey.examples", indexes: [ { name: "an_example", definition: { mappings: { dynamic: true, fields: { vector: [ { type: "knnVector", dimensions: 1024, similarity: "cosine" } ] } } } } ], $db: "my_db" }
```
However, giving `readWrite` on the entire DB does fix the problem.