Error changing user password on Mongo shell

Anyone can help please. When I try to change a user’s password in Mongoshell I got this problem:
MongoServerError: not authorized on sample_airbnb to execute command { updateUser: “cnxtestd”, pwd: “xxx”, apiVersion: “1”, lsid: { id: UUID(“fb2a5dae-9403-4d51-a55f-88b8f00862f4”) }, $clusterTime: { clusterTime: Timestamp(1682349221, 1), signature: { hash: BinData(0, 6847C01D19DF0639E909898431595E96BB0A9966), keyId: 7223441771265523717 } }, $db: “sample_airbnb” }
Same happened with the command:
db.changeUserPassword(“cnxtestd”, “secretpassword”)

Hello @Sergio_Anibal_Agudelo_Correa ,

Welcome to The MongoDB Community Forums! :wave:

The error message you are seeing indicates that the user you are logged in as does not have sufficient privileges to execute the updateUser command or the changeUserPassword method. Please confirm the role assigned to the user attempting to perform the updateUser command.

Note: You can check the roles assigned to your user by running db.getRoles() command.

Additionally, could you confirm whether or not this is an Atlas deployment and if so, what is the cluster tier? For reference, the M0 free clusters and M2/M5 shared clusters don’t support the updateUser command as per the Unsupported Commands documentation.

Regards,
Tarun

Hi Tarun, thanks for your response…the MongoDB Atlas cluster tier is M10 dedicated. However, I think there are limitations to execute these commands in mongo shell as per the following URL: https://www.mongodb.com/docs/atlas/security-add-mongodb-users/
I will take a look at API to try to automate the creation of database users and password change. Please let me know if I’m incorrect on this preliminary analysis.

@Sergio_Anibal_Agudelo_Correa you are right. As per this documentation on unsupported commands in m10 clusters, updateUser is not supported to ensure cluster stability and performance.

Hi Tarun, thanks for your reply!. Nowadays, I am trying to change a mongodb atlas database user password using the Update One Database User in One Project administration API with no success so far. I’m using curl command and when I run it, I got the following error message:
Preformatted text{
“error” : 405,
“reason” : “Method Not Allowed”
}Preformatted text
The curl command I’m running in Windows cmd window is the following:
Preformatted textG:\curl-8.0.1_9-win64-mingw\curl-8.0.1_9-win64-mingw\bin>curl --user “…:…” --digest “https://cloud.mongodb.com/api/atlas/v1.0/groups/..../databaseUsers/sample_airbnb/…” --json @"G:\curl-8.0.1_9-win64-mingw\curl-8.0.1_9-win64-mingw\bin\updateUser.json"Preformatted text

Any ideas on how to solve this issue would be highly appreciate it!.

Hi @Sergio_Anibal_Agudelo_Correa ,

I tried the MongoDB Atlas Administration API - Update One Database User in One Project and it is working as expected, below is an example of cURL command I used (sensitive information is redacted).

curl --location --request PATCH 'https://cloud.mongodb.com/api/atlas/v1.0/groups/<group-id>/databaseUsers/admin/<user-name>?envelope=false&pretty=false' \
--header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--data '{
  "databaseName": "admin",
  "groupId": "<group-id>",
  "username": "<user-name>",
  "password": "<new-password>",
"roles": [
    {
      "databaseName": "<database-name>",
      "roleName": "<role>"
    },
    {
      "databaseName": "<database-name>",
      "roleName": "<role>"
    }
  ],
  "scopes": [
    {
      "name": "<Cluster-name>",
      "type": "CLUSTER"
    }
  ]
}'

Can you please share your update.json content (redact any sensitive content) and how are you running this?

Tarun

Hi Tarun, how is it going?..hope everything is okay. I want to thank you for your quick reply on this case. I’m trying to change the database user’s password with Atlas Admin API. I adjusted the curl command to be used in the project I’m working on. Although the curl command example is good for Linux environment, It did help me a lot as reference to be used and to be executed in Windows to test the Atlas cluster user’s password through Windows CMD. I did use backslash for --data-raw in the curl command to get correct syntax and worked it as expected for the SCRAM user I’m working on!. Again, thanks a lot for your support. Best regards!

1 Like

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.