Ticket: Principle of Least Privilege

Hello,

I really don’t get this ticket.

1st. step
I’m adding new user, just like this:

Ticket syas:

This user should have the readWrite role on the sample_mflix database. Use Add Default Privileges to assign the user this specific role.

  1. I don’t see any role named readWrite, I can see only:
    image
    So I’m assuming that it have to be this Read and write to any database option.

  2. I don’t see any button or link saying Add Default Privileges, (or am I blind? am I in the correct place?)


2nd. step

I’m just turning off my app.


3rd. step

I’m modifying my SRV connection string as ticket says, so i go to my “.env” file, and I paste in the link new username and password, just like this:
MFLIX_DB_URI=mongodb+srv://mflixAppUser:mflixAppPwd@mflix....
(ofc. there is full link in the file, I just don’t know if it’s save to share this whole link)


4th. step

npm start

and R.I.P :
image

So I go back to 1st step thinking that there’s something wrong with the user I created.
Saying to myself maybe it’s not about “Add Default Privileges” as it says :
image

By default, all resources in this project are accessible.

Maybe i really have to specify this cluster as ticket saying?

So i go to update my user using option:
image

Saying, okey, there’s no exact same name as sample_mflix, but there’s nothing else I can do, click, searching gives nothing, so it should be fine, so I click “Done” and “Update user”:
image

So now im killing my app again, then :
npm start

And… R.I.P
Again:
image

No error, no nothing, all I know is :
image


What am I doing so wrong ?

I’m having the same issue. I do not see any option for ‘Add Default Privileges’.

Please check our forum threads.Fix given in few threads
There should be a default privileges button somewhere
If you edit mflixappuser i think you will see default privileges option

Now I got this.

There is no button, link/ function like Add Default Privileges.

You got to choose: Grant specific privileges, and then fill it like it’s shown.

I finally got this… I think this ticket was missleading.

image

1 Like