Atlas user has atlasAdmin role but can't execute hostInfo command

Jim_Fletcher · June 3, 2021, 2:07pm

In Atlas a user has the atlasAdmin role which includes the clusterMonitor built-in role. When the user executes the db.hostInfo() command it fails with user not authorized. I also tried explicitly granting specifc roles and granted the clusterMonitor role and it still fails. We have a utility mongopush designed for moving data to Atlas but the utility executes hostInfo() and is failing.
Any ideas how to resolve? Thanks for your help.

Jim_Fletcher · June 3, 2021, 2:14pm

More info:

db.getUser("jim")
{
	"_id" : "admin.jim",
	"user" : "jim",
	"db" : "admin",
	"roles" : [
		{
			"role" : "atlasAdmin",
			"db" : "admin"
		}
	]

db.getRole("atlasAdmin")
{
	"role" : "atlasAdmin",
	"db" : "admin",
	"isBuiltin" : false,
	"roles" : [
		{
			"role" : "readWriteAnyDatabase",
			"db" : "admin"
		},
		{
			"role" : "dbAdminAnyDatabase",
			"db" : "admin"
		},
		{
			"role" : "enableSharding",
			"db" : "admin"
		},
		{
			"role" : "backup",
			"db" : "admin"
		},
		{
			"role" : "clusterMonitor",
			"db" : "admin"
		}
	],

after authentication with id jim:

db.hostInfo()

{

	"ok" : 0,

	"errmsg" : "(Unauthorized) not authorized on admin to execute command { hostInfo: 1.0, lsid: { id: {4 [11 198 184 131 248 89 75 112 189 220 204 129 89 78 100 9]} }, $clusterTime: { clusterTime: {1622729629 3}, signature: { hash: {0 [109 208 131 205 113 140 115 176 19 181 213 62 131 104 106 127 185 153 173 100]}, keyId: 6968235905458896896.000000 } }, $db: \"admin\" }",

	"code" : 8000,

	"codeName" : "AtlasError"

}

Ramachandra_Tummala · June 4, 2021, 1:19am

What is yur cluster type? Free or paid?
There are restrictions on free tier clusters

From doc:
M0 Free Tier and M2 / M5 shared starter clusters don’t support read or write operations on the admin database

Jim_Fletcher · June 4, 2021, 2:04pm

I’m on the free tier. The unsupported command list doesn’t mention hostInfo but I suspect the tier is the problem. I’ll have access to a higher tier very soon and will try there. Thanks for your reply.

Jason_Tran · January 11, 2022, 5:55am

Hi @Jim_Fletcher,

I’m on the free tier. The unsupported command list doesn’t mention hostInfo but I suspect the tier is the problem.

Yes, the unauthorized message you received running db.hostInfo() is due to the command being run on a Free / shared tier cluster (M0 and M2/M5).

The hostInfo command must be run against the admin database. However, M0 free clusters and M2 / M5 shared clusters don’t support read or write operations on the admin database as per the Unsupported Commands in M0/M2/M5 Clusters documentation.

I will be raising a request to have this stated more explicitly.

Hope this helps.

Jason