Good day!
Running MongoDB 4.4 on Windows, I want to write a log rotation batch file. I’m gonna need to create a dummy “logsAdm” user whose job will ONLY be to perform log rotation.
I’ve created a custom role and user as such:
db = db.getSiblingDB('admin');
db.createRole(
  {
    role: "logsAdmin",
    privileges: [
      { resource: { db: "admin", collection: "" }, actions: [ "logRotate" ] }
    ],
    roles: []
  }
);
db.createUser(
  {
    user: "logsadm",
    pwd: passwordPrompt(),
    roles: [
      { role: "logsAdmin", db: "admin" }
    ]
  }
)
Now, if I try to logRotate with this user, I’m still running into bad privileges:
C:> mongosh.exe -u logsadm -p <password> --eval "db.adminCommand({ logRotate: 1 })"
MongoServerError: not authorized on admin to execute command { logRotate: 1, lsid: { id: UUID("60daeae9-193a-4604-b9b0-Z723aksj2872398kajs") }, $clusterTime: { clusterTime: Timestamp(1649751187, 1), signature: { hash: BinData(0, DDB2AA34AFBF140AA03937879336BC6547BB4316), keyId: 706235745087016435464 } }, $db: "admin" }
Did I miss something in my custom role? Did I at least do it properly? I know the documentation states for the action that:
User can perform the logRotate command. Apply this action to the cluster resource.
So I am not sure I’ve properly set up the role. Apologies, pretty new with MongoDB…
Thanks for your help and time.
Regards,
Pat
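
An added example, not part of the original post: the role from the question beside a variant that grants `logRotate` on the cluster resource (`{ cluster: true }`), where the quoted documentation says to apply it, plus a small check that flags cluster-level actions granted on any other resource. The action subset and the helper names `misScopedPrivileges` and `createCheckedRole` are assumptions made for illustration.

```javascript
// Added example; not code from the original post.
// Illustrative subset of actions MongoDB documents as applying to the
// cluster resource (logRotate is the one quoted in the post).
const CLUSTER_ACTIONS = new Set(["logRotate", "shutdown", "fsync", "serverStatus"]);

// Return every cluster-level action granted on a non-cluster resource.
function misScopedPrivileges(roleDoc) {
  const findings = [];
  for (const priv of roleDoc.privileges || []) {
    const onCluster = Boolean(priv.resource && priv.resource.cluster === true);
    for (const action of priv.actions || []) {
      if (CLUSTER_ACTIONS.has(action) && !onCluster) {
        findings.push({ role: roleDoc.role, action, resource: priv.resource });
      }
    }
  }
  return findings;
}

// Role exactly as defined in the post: logRotate on a database resource.
const roleFromPost = {
  role: "logsAdmin",
  privileges: [{ resource: { db: "admin", collection: "" }, actions: ["logRotate"] }],
  roles: []
};

// Same single-action role, scoped to the cluster resource instead.
const roleClusterScoped = {
  role: "logsAdmin",
  privileges: [{ resource: { cluster: true }, actions: ["logRotate"] }],
  roles: []
};

// Hypothetical helper: refuse to create a role that fails the check.
// In mongosh, pass the shell's global `db`. If the role already exists,
// use db.updateRole(role, { privileges }) instead of createRole.
function createCheckedRole(db, roleDoc) {
  const bad = misScopedPrivileges(roleDoc);
  if (bad.length > 0) {
    throw new Error("cluster-level action on non-cluster resource: " +
      bad.map((f) => f.action).join(", "));
  }
  return db.getSiblingDB("admin").createRole(roleDoc);
}
```

The cluster-scoped role still carries only the single `logRotate` action and inherits no other roles, so the dedicated rotation account stays limited to that one command.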