MongoDB: viewing view DDL fails with "not authorized on xxx to execute command { find: system.views"

Original NoSQL Author: 清风艾艾 Date: 2021-04-21 09:57:55

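    I was recently migrating a MongoDB database. While migrating a sharded cluster, I found that views and functions could not be migrated to the target, so the DDL definitions of the source views and functions had to be queried by hand and the views and functions rebuilt on the target. Querying the views, however, failed with an insufficient-privileges error.

    Querying the view DDL definitions on the MongoDB sharded cluster produced the following error: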

[mongo@centos7 ~]$ mongo --port 50001 -usys -pzhulei  --authenticationDatabase admin

MongoDB shell version v4.2.3

connecting to: mongodb://127.0.0.1:50001/?authSource=admin&compressors=disabled&gssapiServiceName=mongodb

Implicit session: session { "id" : UUID("d53970e1-edce-4811-b827-4386a0f3f707") }

MongoDB server version: 4.2.3

> use poc_mig_mongo1

switched to db poc_mig_mongo1

> show tables;

ceshi1

ceshi2

ceshi3

ceshi4

ceshi5

system.views

v_ceshi2

v_ceshi3

v_ceshi4

v_ceshi5

> db.system.views.find();

Error: error: {

"ok" : 0,

"errmsg" : " not authorized on poc_mig_mongo1 to execute command { find: \"system.views\", filter: {}, lsid: { id: UUID(\"e2d688de-b6e8-4bc9-9685-8344af3b9132\") }, $db: \"poc_mig_mongo1\" }",

"code" : 13,

"codeName" : "Unauthorized"

}

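    A search turned up a suggestion to create a new role that can query system.views: views created in MongoDB are stored in the system.views collection of the database they belong to, and an ordinary user has no query privilege on that collection. A role that can query system.views has to be created by hand and granted to the application user or to another ordinary administrative user. For the details, see the URL:

    This view DDL query error was handled as follows:

Step 1: Log in to the database without a password, create the role and grant it

--- Create the view-query role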

>  use admin

switched to db admin

> db.runCommand({ createRole: "readViewCollection",

...   privileges: [

...     { resource: { db: "", collection: "system.views" }, actions: [ "find"] }],

...     roles : []

... })

{ "ok" : 1 }

--- List the database's internal users

> db.system.users.find();

{ "_id" : "admin.sys", "userId" : UUID("2b81f6a2-ffe9-44f9-8894-d7ded8af414c"), "user" : "sys", "db" : "admin", "credentials" : { "SCRAM-SHA-1" : { "iterationCount" : 10000, "salt" : "uoRvRSkMfQVw9uJKJKD2/Q==", "storedKey" : "5yLO4i4yVulN+kg1FwQHcAThLqM=", "serverKey" : "/3PPUXlxv3SZX7P5KgfQKwlXNzM=" }, "SCRAM-SHA-256" : { "iterationCount" : 15000, "salt" : "cg5AAevAY4lXvgi+5zMRrbug4jTor3HKh2helg==", "storedKey" : "qU1INTjrtuvD+3S9PTmOzlnAV8+OEnsT/kjo34MavwI=", "serverKey" : "9XiUPP2X+4TSqFte4a17vJkHlD2eVXv3aorTCQQPdu8=" } }, "roles" : [ { "role" : "read", "db" : "poc_mig_mongo1" }, { "role" : "userAdminAnyDatabase", "db" : "admin" }, { "role" : "dbAdmin", "db" : "poc_mig_mongo1" }, { "role" : "readWrite", "db" : "poc_mig_mongo1" } ] }

--- Grant the view-query role to the sys user

> use admin

switched to db admin

> db.grantRolesToUser('sys',['readViewCollection']);

Step 2: Log in with authentication and test

[mongo@centos7 ~]$ mongo --port 50001 -usys -pzhulei  --authenticationDatabase admin

MongoDB shell version v4.2.3

connecting to: mongodb://127.0.0.1:50001/?authSource=admin&compressors=disabled&gssapiServiceName=mongodb

Implicit session: session { "id" : UUID("d53970e1-edce-4811-b827-4386a0f3f707") }

MongoDB server version: 4.2.3

> show dbs;

admin           0.000GB

config          0.000GB

dns_testdb      0.012GB

local           0.000GB

poc_mig_mongo1  0.000GB

> use poc_mig_mongo1

switched to db poc_mig_mongo1

> show tables;

ceshi1

ceshi2

ceshi3

ceshi4

ceshi5

system.views

v_ceshi2

v_ceshi3

v_ceshi4

v_ceshi5

> db.system.views.find();

{ "_id" : "poc_mig_mongo1.v_ceshi5", "viewOn" : "ceshi5", "pipeline" : [ { "$match" : { "name" : "nanjing" } } ] }

{ "_id" : "poc_mig_mongo1.v_ceshi3", "viewOn" : "ceshi13", "pipeline" : [ { "$match" : { "name" : "hubei" } } ] }

{ "_id" : "poc_mig_mongo1.v_ceshi4", "viewOn" : "ceshi42", "pipeline" : [ { "$match" : { "name" : "hunan" } } ] }

{ "_id" : "poc_mig_mongo1.v_ceshi2", "viewOn" : "ceshi2", "pipeline" : [ { "$match" : { "name" : "nanning" } } ] }

  Problem solved!
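
The lookup above exists so that the views can be rebuilt on the target. The following added example (not code from the original post) turns system.views documents into `createView` statements and builds a variant of the role limited to a single database. The function names `scopedViewRole`, `viewToDDL` and `exportViews` are hypothetical, and the sample documents are copied from the output above.

```javascript
// Added example, not from the original post. Plain JavaScript, runs in Node.
// Two of the system.views documents shown in the post's output.
const sampleViews = [
  { _id: "poc_mig_mongo1.v_ceshi5", viewOn: "ceshi5",
    pipeline: [{ $match: { name: "nanjing" } }] },
  { _id: "poc_mig_mongo1.v_ceshi2", viewOn: "ceshi2",
    pipeline: [{ $match: { name: "nanning" } }] }
];

// createRole command granting "find" on system.views in ONE database.
// The post's role uses db: "", which matches system.views in every database.
function scopedViewRole(dbName, roleName) {
  if (!dbName) throw new Error('dbName is required; "" would match all databases');
  return {
    createRole: roleName,
    privileges: [
      { resource: { db: dbName, collection: "system.views" }, actions: ["find"] }
    ],
    roles: []
  };
}

// Convert one system.views document into a createView statement.
function viewToDDL(doc) {
  // _id is "<db>.<view>": database names cannot contain ".", view names can,
  // so split at the first dot only.
  const dot = doc._id.indexOf(".");
  if (dot <= 0 || dot === doc._id.length - 1) {
    throw new Error("unexpected system.views _id: " + doc._id);
  }
  const dbName = doc._id.slice(0, dot);
  const args = [doc._id.slice(dot + 1), doc.viewOn, doc.pipeline || []];
  // A view created with a collation stores it; pass it back as an option.
  if (doc.collation) args.push({ collation: doc.collation });
  return "db.getSiblingDB(" + JSON.stringify(dbName) + ").createView(" +
    args.map((a) => JSON.stringify(a)).join(", ") + ");";
}

// Statements for every view of one database, ready to run on the target.
function exportViews(docs, dbName) {
  return docs.filter((d) => d._id.startsWith(dbName + ".")).map(viewToDDL);
}

console.log(exportViews(sampleViews, "poc_mig_mongo1").join("\n"));
```

JSON.stringify is enough for pipelines made of plain JSON values like the ones above; a pipeline containing BSON-specific types (ObjectId, dates) needs a BSON-aware serializer.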

From the "ITPUB Blog", link: http://blog.itpub.net/29357786/viewspace-2769019/. If you repost, please credit the source; otherwise legal liability will be pursued.
