Ticket: Principle of Least Privilege: Test passed, but program broken

J_A · April 5, 2022, 5:16am

Continuing the discussion from Ticket: Principle of Least Privilege problem:

I’m experiencing the same issue as this user from 1.5 year ago.

Here’s what I did to create the user:

Go to cloud.mongodb.com
Under “Security” on the left, select “Database Access”
Click the green button labeled “+ Add New Database User” on the right
Enter the given username and password and grant specific privileges: readWrite@mflix.sample_mflix

However, while I can pass the test, the server program is no longer able to load images. I see the following error:

GET / 304 12.037 ms - -
GET /static/css/main.d2c98b4b.chunk.css 304 8.789 ms - -
GET /static/js/1.908cc23a.chunk.js 304 8.728 ms - -
GET /static/js/main.02d67aeb.chunk.js 304 8.909 ms - -
GET /static/media/mongoleaf.0ebc1843.png 200 8.774 ms - 52399
Unable to convert cursor to array or problem counting documents, MongoError: user is not allowed to do action [find] on [sample_mflix.movies]

As detailed above, I specifically granted read and write privileges to this user on this collection, so why is this happening? This was never answered. I think it would be helpful to know in case this happens in a real world application.

SourabhBagrecha · April 6, 2022, 4:04am

Hi @J_A, welcome to the community.
Can you please make sure that you have performed the following after all the 4 steps you mentioned?

Modify the SRV connection string in your configuration file so the application connects with the new username and password.

In case you have any doubts, please feel free to reach out to us.

Thanks and Regards.
Sourabh Bagrecha,
Curriculum Services Engineer

J_A · April 6, 2022, 4:23pm

Yes, I did make sure to change the SRV connection string. I modified the .env file as follows:

MFLIX_DB_URI=mongodb+srv://mflixAppUser:mflixAppPwd@mflix...

(The rest of the string has been omitted for security reasons)

Please let me know if there’s anything else I’m missing. Thank you.

SourabhBagrecha · April 7, 2022, 11:00am

Hi @J_A, thanks for confirming that.
Did you whitelist your IP address as well?
Also, can you please ensure one more thing that you are able to connect to your cluster using MongoDB Shell?

In case you have any doubts, please feel free to reach out to us.

Thanks and Regards.
Sourabh Bagrecha,
Curriculum Services Engineer

J_A · April 7, 2022, 5:32pm

The only IP address that I’ve whitelisted is 0.0.0.0/0, but that means that no IP addresses should be blocked, correct?

I also was able to connect to my cluster in mongosh, but I can’t do anything:

Atlas atlas-ouman5-shard-0 [primary] sample_mflix> show collections
MongoServerError: user is not allowed to do action [listCollections] on [sample_mflix.]

SourabhBagrecha · May 16, 2022, 10:49am

Hi @J_A, can you please ensure that the database user you created has enough permissions assigned to it?

If you have any doubts, please feel free to reach out to us.

Thanks and Regards.
Sourabh Bagrecha,
MongoDB

system · May 25, 2022, 5:15am

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.