Welcome to the community!
Would you be able to provide the following information to help troubleshoot the error?
- Which driver you are using to perform the command
- The driver version
- A snippet of the connection portion of your code (Please remove any credentials before posting it here)
- A snippet of the code where the aggregate command exists
MongoError: not authorized on mydb?retryWrites=true&w=majority
You have stated originally that the user had the `readWrite@dbname` permission on the `dbname` database. However, the error above indicates you are running the aggregate command against a different database name. Have you tried the same command with the user who has `readWrite@dbname` permissions against database `dbname`? Since the same command works using `readWriteAnyDatabase@admin` as opposed to `readWrite@dbname`, I suspect that the issue may exist with what database the command is being run against.
I would like to create custom policy with the least permission on the cluster. I don’t want to let this user access other DBs.
You can configure a Custom Role in Atlas so that Database users associated with the custom role can only perform selected actions and roles against certain database(s).
Which permission should I assign to this user to be able to run aggregate?
You can assign the `find` action so that database users associated with a custom role with this action are allowed to perform the aggregation command you have provided.
Please see the example below of a custom role with the `find` action allowed for the
Note: You will be able to find the `find` action under the category Collection Actions --> Query and Write Actions
Hope this helps.
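To make the scoping point in the reply above concrete, here is an added example (not code from the original post or from MongoDB) that models a custom role holding only the `find` action on `dbname` and checks it against the database name that appears in the error. The role name `aggregateOnly`, the collection name `orders`, and the host in the sample URI are assumptions, and the check is a simplified model rather than the server's authorization logic.

```javascript
// Added example: simplified model of role scoping, not MongoDB server code.
// Privilege document in MongoDB's { resource, actions } shape; an empty
// collection string means every collection in that database.
const leastPrivilegeRole = {
  role: "aggregateOnly", // hypothetical role name
  privileges: [
    { resource: { db: "dbname", collection: "" }, actions: ["find"] },
  ],
};

// Database named in the path of a connection string ("" if none).
function databaseFromUri(uri) {
  const path = new URL(uri).pathname; // e.g. "/dbname"
  return decodeURIComponent(path.replace(/^\//, ""));
}

// True when some privilege grants `action` on db.collection.
function isGranted(role, action, db, collection) {
  return role.privileges.some(({ resource, actions }) =>
    resource.db === db &&
    (resource.collection === "" || resource.collection === collection) &&
    actions.includes(action));
}

// Report whether an aggregate (modelled here as needing "find") is in scope.
function explainAggregate(role, db, collection) {
  if (isGranted(role, "find", db, collection)) return "authorized";
  const scoped = role.privileges.map((p) => p.resource.db);
  return `not authorized on ${db}; role is scoped to: ${scoped.join(", ")}`;
}

// Constructed sample URI (placeholder host, no credentials).
const uri =
  "mongodb+srv://cluster0.example.mongodb.net/dbname?retryWrites=true&w=majority";
console.log(explainAggregate(leastPrivilegeRole, databaseFromUri(uri), "orders"));
// Database name exactly as it appears in the error message above.
console.log(
  explainAggregate(leastPrivilegeRole, "mydb?retryWrites=true&w=majority", "orders"));
```

Printing the database name the application actually targets next to the role's scope, as the last two calls do, shows quickly whether a denial comes from a missing action or from a namespace the role was never granted.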