User 'm103-application-user' not configured correctly - your application's user should only have access to the applicationData database

I have this request
The requirements for this new user are:

• Role: readWrite on applicationData database
• Authentication source: admin
• Username: m103-application-user
• Password: m103-application-pass
  I did create user
  MongoDB Enterprise > db.createUser({
  … user: “m103-application-user”,
  … pwd: “m103-application-pass”,
  … roles: [ {role: “readWrite”, db: “applicationData”} ]
  … })
  Successfully added user: {
  “user” : “m103-application-user”,
  “roles” : [
  {
  “role” : “readWrite”,
  “db” : “applicationData”
  }
  ]
  }
  but validation is failed
  vagrant@m103:~$ validate_lab_first_application_user

User ‘m103-application-user’ not configured correctly - your application’s user
should only have access to the applicationData database.

not sure how my user has access to other databases?
Thanks,

Hi Lucio_99421,

Everything is right. Just make sure you re-run mongod with authentication enabled otherwise its no use restricting m103-application-user.

Kanika

Hi Kanika,

I am following steps from solution from Lab - Launching Mongod,

But receiving below error while creating user.

MongoDB Enterprise > use admin
switched to db admin
MongoDB Enterprise > db.createUser({
… user: “m103-admin”,
… pwd: “m103-pass”,
… roles: [
… {role: “root”, db: “admin”}
… ]
… })
2018-10-24T04:51:57.027+0000 E QUERY [thread1] Error: couldn’t add user: not authorized on admin to execute command { createUser: “m103-admin”, pwd: “xxx”, roles: [ { role: “root”, db: “admin” } ], digestPassword: false, writeConcern: { w: “majority”, wtimeout: 600000.0 }, $db: “admin” } :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
DB.prototype.createUser@src/mongo/shell/db.js:1437:15
@(shell):1:1

Regards,
Vish

Well Vish, the problem is outlined in the error message: the user account you’re using at this time is not allowed to perform user-management on the “admin” db. Are you using the right account?

Hi vishwanathk,

Check if you have already create this user. Try authenticating with the user using:

MongoDB Enterprise >  use admin
MongoDB Enterprise > db.auth("m103-admin","m103-pass")

If it outputs 1, means the user is already there.

If it shows 0 and you are unable to create the user m103-admin, then stop mongod and run mongod without authentication. Comment the authentication line in config file if you are using configuration file.

Let me know if it helps!

Kanika

Hi Kanika,

Output is 1 user is already there . thank you

Below is my config

storage:
dbPath: “/var/mongodb/db”
net:
port: 27000
bindIp: “127.0.0.1,192.168.103.100”
security:
authorization: enabled

I logged in using
mongo --port 27000 --username m103-admin --password m103-pass --authenticationDatabase admin

db.createUser(
{ user: “m103-application-user”,
pwd: “m103-application-pass”,
roles: [ { db: “applicationData”, role: “readWrite” } ]
}
)

use applicationData
switched to db applicationData
MongoDB Enterprise > db.createUser(
… { user: “m103-application-user”,
… pwd: “m103-application-pass”,
… roles: [ { db: “applicationData”, role: “readWrite” } ]
… }
… )
Successfully added user: {
“user” : “m103-application-user”,
“roles” : [
{
“db” : “applicationData”,
“role” : “readWrite”
}
]
}

vagrant@m103:~$ validate_lab_first_application_user

Client experienced a timeout when connecting to the database - check that mongod

is running on the correct port, and that the ‘m103-application-user’ user

authenticates against the admin database.

Have you authenticated the user?
connect to mongo
use admin
db.auth(“m103-application-user”,“m103-application-pass”)
Then check this
vagrant@m103:/data/db$ mongo -u m103-application-user -p m103-application-pass --authenticationDatabase applicationData --port 27000
If you are able to connect then validation script will give the result