MongoDB view DDL lookup fails with "not authorized on xxx to execute command { find: \"system.views\"

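    I was recently migrating a MongoDB database. While migrating a sharded cluster, I found that views and functions could not be migrated to the target, so their DDL definitions had to be queried manually on the source and the views and functions recreated on the target. Querying the views, however, failed with an insufficient-privileges error.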

    Querying the view DDL definitions on the MongoDB sharded cluster returned the following error:

[mongo@centos7 ~]$ mongo --port 50001 -usys -pzhulei  --authenticationDatabase admin

MongoDB shell version v4.2.3

connecting to: mongodb://127.0.0.1:50001/?authSource=admin&compressors=disabled&gssapiServiceName=mongodb

Implicit session: session { "id" : UUID("d53970e1-edce-4811-b827-4386a0f3f707") }

MongoDB server version: 4.2.3

> use poc_mig_mongo1

switched to db poc_mig_mongo1

> show tables;

ceshi1

ceshi2

ceshi3

ceshi4

ceshi5

system.views

v_ceshi2

v_ceshi3

v_ceshi4

v_ceshi5

> db.system.views.find();

Error: error: {

"ok" : 0,

"errmsg" : "not authorized on poc_mig_mongo1 to execute command { find: \"system.views\", filter: {}, lsid: { id: UUID(\"e2d688de-b6e8-4bc9-9685-8344af3b9132\") }, $db: \"poc_mig_mongo1\" }",

"code" : 13,

"codeName" : "Unauthorized"

}

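    After some searching, I found a suggestion online to create a new role for querying system.views. Views created in MongoDB are stored in the system.views collection of the database they belong to, and ordinary users have no query privilege on that collection, so a role that can query system.views has to be created manually and granted to the business user or to other ordinary administrative users. For details see: https://dba.stackexchange.com/questions/247324/mongodb-admin-user-cannot-access-system-views-collection.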

    The view DDL query error was resolved as follows:

Step 1: Restart mongodb with authentication disabled, log in without a password, then create the role and grant it

---Create the view query role

>  use admin

switched to db admin

> db.runCommand({ createRole: "readViewCollection",

...   privileges: [

...     { resource: { db: "", collection: "system.views" }, actions: [ "find"] }],

...     roles : []

... })

{ "ok" : 1 }

---List the database's internal users

> db.system.users.find();

{ "_id" : "admin.sys", "userId" : UUID("2b81f6a2-ffe9-44f9-8894-d7ded8af414c"), "user" : "sys", "db" : "admin", "credentials" : { "SCRAM-SHA-1" : { "iterationCount" : 10000, "salt" : "uoRvRSkMfQVw9uJKJKD2/Q==", "storedKey" : "5yLO4i4yVulN+kg1FwQHcAThLqM=", "serverKey" : "/3PPUXlxv3SZX7P5KgfQKwlXNzM=" }, "SCRAM-SHA-256" : { "iterationCount" : 15000, "salt" : "cg5AAevAY4lXvgi+5zMRrbug4jTor3HKh2helg==", "storedKey" : "qU1INTjrtuvD+3S9PTmOzlnAV8+OEnsT/kjo34MavwI=", "serverKey" : "9XiUPP2X+4TSqFte4a17vJkHlD2eVXv3aorTCQQPdu8=" } }, "roles" : [ { "role" : "read", "db" : "poc_mig_mongo1" }, { "role" : "userAdminAnyDatabase", "db" : "admin" }, { "role" : "dbAdmin", "db" : "poc_mig_mongo1" }, { "role" : "readWrite", "db" : "poc_mig_mongo1" } ] }

---Grant the view query role to the sys user

> use admin

switched to db admin

> db.grantRolesToUser('sys',['readViewCollection']);

 Step 2: Log in with authentication enabled and test

[mongo@centos7 ~]$ mongo --port 50001 -usys -pzhulei  --authenticationDatabase admin

MongoDB shell version v4.2.3

connecting to: mongodb://127.0.0.1:50001/?authSource=admin&compressors=disabled&gssapiServiceName=mongodb

Implicit session: session { "id" : UUID("d53970e1-edce-4811-b827-4386a0f3f707") }

MongoDB server version: 4.2.3

> show dbs;

admin           0.000GB

config          0.000GB

dns_testdb      0.012GB

local           0.000GB

poc_mig_mongo1  0.000GB

> use poc_mig_mongo1

switched to db poc_mig_mongo1

> show tables;

ceshi1

ceshi2

ceshi3

ceshi4

ceshi5

system.views

v_ceshi2

v_ceshi3

v_ceshi4

v_ceshi5

> db.system.views.find();

{ "_id" : "poc_mig_mongo1.v_ceshi5", "viewOn" : "ceshi5", "pipeline" : [ { "$match" : { "name" : "nanjing" } } ] }

{ "_id" : "poc_mig_mongo1.v_ceshi3", "viewOn" : "ceshi13", "pipeline" : [ { "$match" : { "name" : "hubei" } } ] }

{ "_id" : "poc_mig_mongo1.v_ceshi4", "viewOn" : "ceshi42", "pipeline" : [ { "$match" : { "name" : "hunan" } } ] }

{ "_id" : "poc_mig_mongo1.v_ceshi2", "viewOn" : "ceshi2", "pipeline" : [ { "$match" : { "name" : "nanning" } } ] }
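The documents returned above are what the target side needs in order to rebuild the views. The following is an added example, not part of the original post: it turns system.views documents into `create` commands and flags views whose `viewOn` source is not among the listed namespaces. The function names `viewDocToCreateCommand` and `planViewMigration` are hypothetical; the sample data is copied from the shell output in this post.

```javascript
// Added example. Sample input: the find() output on system.views shown in this post.
const sourceViews = [
  { _id: "poc_mig_mongo1.v_ceshi5", viewOn: "ceshi5", pipeline: [{ $match: { name: "nanjing" } }] },
  { _id: "poc_mig_mongo1.v_ceshi3", viewOn: "ceshi13", pipeline: [{ $match: { name: "hubei" } }] },
  { _id: "poc_mig_mongo1.v_ceshi4", viewOn: "ceshi42", pipeline: [{ $match: { name: "hunan" } }] },
  { _id: "poc_mig_mongo1.v_ceshi2", viewOn: "ceshi2", pipeline: [{ $match: { name: "nanning" } }] },
];
// Namespaces listed by `show tables` in this post (system.views itself left out).
const sourceNamespaces = ["ceshi1", "ceshi2", "ceshi3", "ceshi4", "ceshi5",
                          "v_ceshi2", "v_ceshi3", "v_ceshi4", "v_ceshi5"];

// Build the `create` command document for one system.views entry.
function viewDocToCreateCommand(doc) {
  // _id is "<db>.<view>". Database names cannot contain ".", view names can,
  // so split on the first dot only.
  const dot = doc._id.indexOf(".");
  if (dot <= 0 || dot === doc._id.length - 1) {
    throw new Error("unexpected system.views _id: " + doc._id);
  }
  const command = { create: doc._id.slice(dot + 1), viewOn: doc.viewOn, pipeline: doc.pipeline };
  if (doc.collation) command.collation = doc.collation; // only set if the view defined one
  return { db: doc._id.slice(0, dot), command };
}

// One plan entry per view: the command, a shell statement for the target,
// and whether the view's source namespace exists on the source side.
function planViewMigration(viewDocs, namespaces) {
  const known = new Set(namespaces);
  return viewDocs.map((doc) => {
    const { db, command } = viewDocToCreateCommand(doc);
    return {
      db,
      command,
      sourceExists: known.has(command.viewOn),
      shell: `db.getSiblingDB(${JSON.stringify(db)}).runCommand(${JSON.stringify(command)})`,
    };
  });
}

for (const step of planViewMigration(sourceViews, sourceNamespaces)) {
  if (!step.sourceExists) {
    console.log(`// WARNING: ${step.command.create} reads from missing namespace ${step.command.viewOn}`);
  }
  console.log(step.shell);
}
```

With the post's data, `v_ceshi3` and `v_ceshi4` are flagged because `ceshi13` and `ceshi42` do not appear in the `show tables` listing. `JSON.stringify` does not preserve BSON-only types such as dates or ObjectIds, so a pipeline that contains them should be passed to the shell as a document rather than through the rendered string.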

  Problem solved!
