Unable to execute collstats on a collection, although the privilege is granted


I have a created a MongoDB user with role which has following privileges, out of which collStats on all databases is also one. But when I try to execute collstats output on a specific collection, it fails. Please can someone help.
I am trying this on a replica set.

    db.updateRole("testrole",{ privileges:[{"resource" : {"cluster" : true},"actions" : ["fsync","getCmdLineOpts","getShardMap","listDatabases","listShards","replSetGetConfig","replSetGetStatus","serverStatus","unlock"]},{"resource" : {"db" : "local","collection" : "system.replset"},"actions" : ["find"]
    },{"resource" : {"db" : "config","collection" : "settings"},"actions" : ["update"]},{"resource" : {"db" : "","collection" : ""},"actions" : ["collStats","listCollections"]}]})

 db.createUser( { user: "test", pwd: "xxxxxx", roles: [ { role: "testrole", db: "admin" } ] } )

 db.adminCommand({"collStats": "system.roles"})
        "ok" : 0,
        "errmsg" : "not authorized on admin to execute command { collStats: \"system.roles\" }",
        "code" : 13,
        "codeName" : "Unauthorized"

Hi @Akshaya_Srinivasan ,

System collections require explicit grant. This means that you have to specify the system.roles specifically in your grants.


This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.