MongoDB 自定义用户角色 - “不允许用户（...）”

Question

I created a free tier cluster on MongoDB Atlas (it has 3 shards) and I want my Node.js app to connect with a database I created there, using a specific user, that will be restricted from using any other database than the one inteded for this app.

So step by step.

I create a database called, let's say, test .

I create a role here - I go to Security -> MongoDB Roles -> Add New Custom Role and I give it all Collection actions and all Database actions and roles to test

Time for a user, so again Security -> MongoDB Users -> Add New User and I assign a previously created role to it so it has access only to test database. So now I have 2 users - atlasAdmin and my created user.

That's where the problem occurs, when I use admin user in my app to connect, .find() or .create() it works fine all the time. With a user with custom role, it works for like 10mins/1 connection (until I shut down the local server I have my node app on) and the next time I get an error that "user is not allowed to perform action (...)".

I tried everything, tinkering with a string I use to connect, updating mongoose (I use it in my app), creating user and custom role using mongodb shell but nothing seems to work.

HOWEVER:

• if I have this custom user, my app connects with it to the database and it works, then on the next connection it stops working AND I go here and just click UPDATE USER without changing anything there (I just click edit next to the user and then update ) then wait for the cluster to make changes, it will work again for like +/- one connection.

• everything works just fine if my app uses admin account

Anyone had similar problem? Screenshot of the error I was also thinking that it might be because of how many times I try to connect with mongo from the app (I use nodemon so everytime I save a file with changes, server restarts, thus connecting to database again) but I think that's not the case - if it was, why would I be able to make it work with admin user?

The string I use to connect with mongo:

// DATABASE SETUP
var dbURL = 'mongodb://[cluster0:port],[cluster1:port],[cluster2:port]/test?ssl=true&replicaSet=Cluster0-shard-0&authSource=admin&retryWrites=true';
var options = {
    useNewUrlParser: true,
    dbName: "test"
    user: [login],
    pass: [pass]
};
mongoose.connect(dbURL, options);

Answer 1

I have also encountered this problem on Atlas Free tier, not just on NodeJS but Java as well

For now, you can try mitigating this problem by using a default role instead of having a custom one

On the MongoDB Users tab, click "Edit" on your user => Add Default Privileges

Picture 1

Then select "readWrite" and type your database name on the first field, then save the user

Picture 2

Or, if you want database administration, add another field with "dbAdmin" role

Picture 3

At least that's how I solved it. I hope this helps.

Side note: You can also use the shorter connection string (MongoDB+SRV) and it would still work.