以下是我的帐户
svc-mydbuser{privileges: [{actions: ["dropRole", "createRole","grantRole","find" ,"viewRole"], resource: {db: "admin", collection: ""}},{actions: ["changeStream","collStats","createIndex","dbHash","dbStats","dropIndex","find","killCursors","listCollections","listIndexes","planCacheRead","insert","update","remove"], resource: {db: "admin", collection: "system.roles"}},{actions: ["dropDatabase" ,"createDatabase"], resource: {db: "core-POC", collection: ""}}], roles: [{ role: "readWrite", db: "core-POC" },{ role: "userAdmin", db: "admin" }]});
登录 mongo 数据库并尝试
createRoleMongoDB Enterprise REP062:PRIMARY> use admin;
MongoDB Enterprise REP062:PRIMARY> db.adminCommand({ createRole: "CN=GLB-Admin-S-L,OU=Groups - Applications,OU=Global Admin Groups,DC=dmzprod01,DC=mybank,DC=com", privileges: [], roles: [{ role: "read", db: "core-POC" } ]});
{
"operationTime" : Timestamp(1691051515, 106),
"ok" : 0,
"errmsg" : "not authorized on admin to execute command { createRole: \"CN=GLB-Admin-S-L,OU=Groups - Applications,OU=Global Admin Groups,DC=dmzprod01,DC=mybank,DC=com\", privileges: [], roles: [ { role: \"read\", db: \"core-POC\" } ], lsid: { id: UUID(\"0174cbc1-0595-40f2-9609-bd43927c06f4\") }, $clusterTime: { clusterTime: Timestamp(1691048964, 1), signature: { hash: BinData(0, 2B98A040357462EBE5CB97642C569DC3A6958C81), keyId: 7216972790308536321 } }, $db: \"admin\" }",
"code" : 13,
"codeName" : "Unauthorized",
"$clusterTime" : {
"clusterTime" : Timestamp(1691051515, 106),
"signature" : {
"hash" : BinData(0,"ygtzgwKkaNXmNzIXYCzbk9yprbk="),
"keyId" : NumberLong("7216972790308536321")
}
}
}
您能否建议在不提供管理员权限的情况下应向我的帐户提供哪些权限,以便我可以成功执行
createRoledropRole