3

我最近4.2.04.0.2. 在以前的版本中,用户可以访问 system.indexes,但升级后,用户无法访问 system.indexes 集合。用户已经具有读写角色。另外,我尝试给 dbAdmin 但仍然没有运气。

为 mongo 启用调试日志后,它向我显示not authorized for query on testdb.system.indexes src/mongo/db/commands/find_cmd.cpp 170.

有人遇到过这个问题吗?

下面是输出


{
    "role" : "read",
    "db" : "testdb",
    "isBuiltin" : true,
    "roles" : [ ],
    "inheritedRoles" : [ ],
    "privileges" : [
        {
            "resource" : {
                "db" : "testdb",
                "collection" : ""
            },
            "actions" : [
                "changeStream",
                "collStats",
                "dbHash",
                "dbStats",
                "find",
                "killCursors",
                "listCollections",
                "listIndexes",
                "planCacheRead"
            ]
        },
        {
            "resource" : {
                "db" : "testdb",
                "collection" : "system.js"
            },
            "actions" : [
                "changeStream",
                "collStats",
                "dbHash",
                "dbStats",
                "find",
                "killCursors",
                "listCollections",
                "listIndexes",
                "planCacheRead"
            ]
        }
    ],
    "inheritedPrivileges" : [
        {
            "resource" : {
                "db" : "testdb",
                "collection" : ""
            },
            "actions" : [
                "changeStream",
                "collStats",
                "dbHash",
                "dbStats",
                "find",
                "killCursors",
                "listCollections",
                "listIndexes",
                "planCacheRead"
            ]
        },
        {
            "resource" : {
                "db" : "testdb",
                "collection" : "system.js"
            },
            "actions" : [
                "changeStream",
                "collStats",
                "dbHash",
                "dbStats",
                "find",
                "killCursors",
                "listCollections",
                "listIndexes",
                "planCacheRead"
            ]
        }
    ]
}
4

3 回答 3

7

我可以通过为 system.indexes 集合创建新角色并将此角色附加到用户来解决此问题。

db.createRole({role : "readWriteSystem", privileges: [{resource: { db: "testdb", collection: "system.indexes" }, actions: [ "changeStream", "collStats", "convertToCapped", "createCollection", "createIndex", "dbHash", "dbStats", "dropCollection", "dropIndex", "emptycapped", "find", "insert", "killCursors", "listCollections", "listIndexes", "planCacheRead", "remove", "renameCollectionSameDB", "update" ]}], roles:[]})
db.grantRolesToUser('testuser', ['readWriteSystem'])

奇怪的是,当您通过替换二进制文件升级 mongo 时会发生此问题。

我尝试安装一个 4.2 mongo 的新实例,然后将数据复制到它,它工作正常。但由于某些技术原因,我无法在生产中执行此操作。

亲爱的 Mongo 团队,

我尝试使用https://docs.mongodb.com/manual/tutorial/upgrade-revision/#upgrade-replace-binaries升级 mongo ,但遇到了上述问题。我认为 doc 缺少与system.indexes访问相关更改相关的一些细节

于 2019-09-10T12:04:50.903 回答
0

Mongobee 0.9 版是MongoTemplate上的旧版本,女巫已从 Mongo 4.2 中停产。

扩展Mongobee类并将MongoTemplate对象更新为更新的MongoTemplate constructor(MethodName -> "executeChangeSetMethod")。这解决了我的问题,而角色没有任何变化。

于 2020-07-17T03:02:39.040 回答
0

看起来从 mongo:4.2 文档开始不推荐使用“system.indexes”

我们应该改用命令“list Indexes”。但是在 mongobee 实现中,我们有

public Document findRequiredChangeAndAuthorIndex(MongoDatabase db) {
MongoCollection<Document> indexes = db.getCollection("system.indexes");
Document index = indexes.find(new Document()
    .append("ns", db.getName() + "." + changelogCollectionName)
    .append("key", new Document().append(ChangeEntry.KEY_CHANGEID, 1).append(ChangeEntry.KEY_AUTHOR, 1))
).first();

return index;

在 ChangeEntryIndexDao.class

所以我们可以扩展 MongoBee 并使用一些反射来设置扩展的 ChangeEntryIndexDao ,并以这种方式覆盖方法:

final ListIndexesIterable<Document> indexes = db.getCollection(changelogCollectionName).listIndexes();
            Document resultIndex = null;
            for (Document index : indexes) {
                final Document indexKey = index.get("key", Document.class);
                if (indexKey.containsKey(ChangeEntry.KEY_CHANGEID) && indexKey.getInteger(ChangeEntry.KEY_CHANGEID) == 1 &&
                        indexKey.containsKey(ChangeEntry.KEY_AUTHOR) && indexKey.getInteger(ChangeEntry.KEY_AUTHOR) == 1) {
                    resultIndex = index;
                    break;
                }
            }

            return resultIndex;
于 2022-01-25T14:00:09.063 回答