MongoServerError: not authorized on admin to execute command

I am currently trying to run the following commend on my one atlas cluster

use admin
db.runCommand( {
      { changeStreamOptions: { preAndPostImages: { expireAfterSeconds: 100 } } }
} )

I want use to save change logs to the db. I am however getting the following error when trying to run the above command

MongoServerError: not authorized on admin to execute command { setClusterParameter: { changeStreamOptions: { preAndPostImages: { expireAfterSeconds: 100 } } }, lsid: { id: UUID("a33462c1-2419-4a35-947f-3ae2c7d9e127") }, $clusterTime: { clusterTime: Timestamp(1669886477, 1), signature: { hash: BinData(0, C321D3B73BFD8D05FAD472201BEB5D2EFB037F23), keyId: 7139683256089182213 } }, $db: "admin" }

The cluster is on the Atlas M10 tier, in the AWS / Cape Town (af-south-1) region.

Any help will be greatly appreciated.

The user may not be having privileges to run this command or it may unsupported shell command on M10 cluster
Please check mongo documentation Atlas unsupported commands for different cluster Tiers

The user I am using is set up as dbAdminAnyDatabase. I also had a look at the documentation for Atlas and could not see setClusterParameter under their unsupported commands.

your operation seems related to the cluster itself. this user has only given the privilege to work on databases, not the cluster itself.

I am also not sure if you can change cluster settings within a shell. Your cluster sits on a cloud provider and is managed by MongoDB Atlas. Check the Atlas web interface first if you have access to those settings. (you would have 100% admin rights if you manage your own cluster)

I don’t know if there is a redefined role for this, but these link would lead you to define one for your needs:
1- Create a new role to manage current operations
2- changeStreams/#access-control (collectin/database/deployment levels)

@Abi_Scholz you are trying to open a change stream on a collection, so you should set this on collection or database level.

@Hannes_Calitz your goal is not just to open a change stream. so in addition to enabling this role for your user, you may need an extra privilege to change cluster settings. I still haven’t tried it myself, so excuse me for not giving the full steps.