Not authorized on admin to execute command updateUser

Valeria_Korzhova · August 9, 2024, 2:41pm

Hi there, I’m using M10 cluster and trying to dynamically update user info with mongoose with this code snipped:

const client = new MongoClient(DB_URI)

 await client.db('admin').command(
    { 
             updateUser: username, 
             pwd: newPassword, 
         }
  );

but unfortunally I’m getting an error: errmsg: 'not authorized on admin to execute command { updateUser: "myuser", pwd: "xxx", $db: "admin" }',
any ideas how to do that?

Fabio_Ramohitaj · August 10, 2024, 10:20am

Hi @Valeria_Korzhova,
You need the change change password action.
But in none of the roles built-in roles there is that action. If I remember correctly, you can change it directly from gui or by taking advantage of Atlas cli! (With certain privileges).

Here are the references:

Best Regards

Valeria_Korzhova · August 14, 2024, 11:56am

If anyone struggles with same problem here’s the answer I got from technical support:
In MongoDB Atlas, user management, including updating user credentials, is handled differently. Instead of using database commands like updateUser, you would need to manage users through the MongoDB Atlas UI.

Atlas enforces stricter controls over user management to ensure security and consistency across its managed service, which is why certain commands that are available in self-hosted MongoDB instances are restricted or unavailable.

The security model for Atlas is a bit different in Atlas than Enterprise. These commands are not supported in Atlas even for Organization Owner role. User and role management should be performed via the Atlas UI. For more information on this please review our documentation on Atlas User Roles.