Ticket: Principle of Least Privilege?

Did I miss something? As far as I know, we have not had a lecture or instruction on creating a user in MongoDB Atlas, nor was it in a required course before this one. Yet doing so is required to finish Chapter 4: Resiliency.

When I use the command I learnt from reading the documentation, I get this message:
Error: couldn't add user: not authorized on admin to execute command

I do not know if that is because something is wrong with my access privileges, or if I am running the command incorrectly.

Has anyone successfully completed this ticket yet?

Basic Cluster Administration seems to be a prerequisite to this course. In that course a little bit of authentication is covered.

I completed the ticket; however, I used a local instance of MongoDB instead of Atlas. I created a user on the “admin” database that has readWrite privileges to the mflix database. I then changed my connection string to use the new user.

In Atlas it should be pretty straightforward.

  1. Looks like if you click on “security” once you are in Clusters.
  2. You can then create a custom role that will have readWrite access to only the mflix database.
  3. After that you can create a new user and assign that new role to that user.
  4. Fix your connection string to connect with that user.

2 Likes

Hey thanks! I will give that a try.

Thank you very much @pawlowsg. It worked, and I have completed the course, thanks to your help. That was the only ticket remaining.

Ah, yes, M103: Basic Cluster Administration. I was taking it concurrently with this one, and could not for the life of me get Vagrant / VirtualBox working nicely in a reasonable amount of time and so unregistered. I will probably give it a try again next time.

I have a problem with this ticket; can you help me? I created a new user with these privileges, but it does not pass the test. These are the privileges with which I created the role; this is how it looks.

Thank you @pawlowsg for the suggestion. That worked out well.

I didn’t pass the test, but instead of selecting all those, there’s a readWrite privilege.

@ederius Don’t create a custom role.

Do: https://cloud.mongodb.com => clusters => security => mflixAppUser => edit => Add default privileges => add role => select readWrite @ mflix

2 Likes

Thanks @Rendall_13518. I didn’t know that we could select readWrite from default privileges. I was instead creating a custom MongoDB role with readWrite privilege.

2 Likes
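
One way to check that the application user ends up with only readWrite on mflix, as the replies above describe (an added example, not code from the course or from any poster). The `usersInfo`-shaped sample reply, the user name mflixDev and the helper names are constructed for illustration.

```javascript
// Added example: audit a MongoDB user's role grants against least privilege.
// Expected grant for the application user in this thread: readWrite @ mflix.
const EXPECTED = { role: "readWrite", db: "mflix" };

// Built-in roles that reach beyond a single application database.
const BROAD_ROLES = new Set([
  "root", "dbOwner", "dbAdmin", "userAdmin", "atlasAdmin", "clusterAdmin",
  "readWriteAnyDatabase", "readAnyDatabase",
  "dbAdminAnyDatabase", "userAdminAnyDatabase",
]);

const isExpected = (r) => r.role === EXPECTED.role && r.db === EXPECTED.db;

// createUser command document; it would be run against the "admin" database.
function buildCreateUser(user, pwd) {
  return { createUser: user, pwd, roles: [{ ...EXPECTED }] };
}

// Findings for one entry of a usersInfo reply; an empty list means the user
// holds exactly the expected grant and nothing else.
function auditUser(u) {
  const roles = u.roles || [];
  const findings = [];
  if (!roles.some(isExpected)) {
    findings.push(`missing ${EXPECTED.role}@${EXPECTED.db}`);
  }
  for (const r of roles.filter((x) => !isExpected(x))) {
    if (BROAD_ROLES.has(r.role)) findings.push(`broad role ${r.role}@${r.db}`);
    // Custom roles land here: usersInfo alone does not show their privileges.
    else findings.push(`review role ${r.role}@${r.db}`);
  }
  return findings;
}

// Map of user name to findings for a whole usersInfo reply.
function auditReply(reply) {
  return Object.fromEntries(reply.users.map((u) => [u.user, auditUser(u)]));
}

// Constructed sample shaped like a usersInfo reply.
const sampleReply = { ok: 1, users: [
  { user: "mflixAppUser", db: "admin", roles: [{ role: "readWrite", db: "mflix" }] },
  { user: "mflixDev", db: "admin", roles: [{ role: "readWriteAnyDatabase", db: "admin" }] },
] };

console.log(auditReply(sampleReply));
```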