
Grant Right to Use $Eval on MongoDB 3.2


How do you enable a user to execute the $eval command in MongoDB? You might not think this is an issue, but you might also be surprised. Read on to find out more.


One of the side effects of enabling authorization on MongoDB is that, even if you create a user with the “root” role, this account is not able to execute the $eval command. The symptom is that when you try to execute $eval, you get this error:

mongodb Command '$eval' failed: not authorized on jarvis-framework-saga-test to execute command

This happens because $eval is somewhat deprecated, and it should not be used. Since it is a dangerous command, a user must have access to all actions on all resources to run it, so you need to create a role that has anyAction on anyResource.

If you really need to use $eval, you should create a role. Just connect to the admin database and create a new role with this command:

db.createRole(
  {
    role: "executeEval",
    privileges: [
      { resource: { anyResource: true }, actions: [ "anyAction" ] }
    ],
    roles: []
  }
)

Now that you have this new role, just add it to all the users that need to use $eval. As an example, if you have a single admin user in the admin database, just run this against the admin DB:

db.grantRolesToUser("admin", [ { role: "executeEval", db: "admin" } ])

And now, the admin user can execute $eval against all databases.
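Because the executeEval role grants anyAction on anyResource, it covers every action and not only $eval, so it is worth auditing which accounts end up holding it, directly or through an inherited role. The following is an added example, not code from the original article: it runs in Node.js over role and user documents assumed to have the shape returned by db.getRoles({showPrivileges: true}) and db.getUsers(), and the sample documents (including the reportingOps, readOrders, etl and app names) are constructed.

```javascript
// Added example; sample documents are constructed for illustration.
const key = (r) => `${r.role}@${r.db}`;

// True if a role document directly grants anyAction on anyResource.
function grantsEverything(roleDoc) {
  return (roleDoc.privileges || []).some(
    (p) => p.resource && p.resource.anyResource === true &&
      (p.actions || []).includes("anyAction"));
}

// "role@db" keys that grant everything, directly or through inherited roles.
// Fixed-point iteration, so nesting depth does not matter.
function findUnrestrictedRoles(roleDocs) {
  const hits = new Set(roleDocs.filter(grantsEverything).map(key));
  for (let changed = true; changed;) {
    changed = false;
    for (const doc of roleDocs) {
      const inherits = (doc.roles || []).some((r) => hits.has(key(r)));
      if (inherits && !hits.has(key(doc))) {
        hits.add(key(doc));
        changed = true;
      }
    }
  }
  return hits;
}

// Users ("user@db") holding any such role: the accounts able to run $eval.
function findUnrestrictedUsers(userDocs, roleDocs) {
  const hits = findUnrestrictedRoles(roleDocs);
  return userDocs
    .filter((u) => (u.roles || []).some((r) => hits.has(key(r))))
    .map((u) => `${u.user}@${u.db}`);
}

// Constructed sample data (hypothetical names apart from executeEval and admin).
const sampleRoles = [
  { role: "executeEval", db: "admin", roles: [],
    privileges: [{ resource: { anyResource: true }, actions: ["anyAction"] }] },
  { role: "reportingOps", db: "admin", privileges: [],
    roles: [{ role: "executeEval", db: "admin" }] },
  { role: "readOrders", db: "shop", roles: [],
    privileges: [{ resource: { db: "shop", collection: "orders" }, actions: ["find"] }] },
];
const sampleUsers = [
  { user: "admin", db: "admin", roles: [{ role: "root", db: "admin" }, { role: "executeEval", db: "admin" }] },
  { user: "etl", db: "admin", roles: [{ role: "reportingOps", db: "admin" }] },
  { user: "app", db: "shop", roles: [{ role: "readOrders", db: "shop" }] },
];

console.log(findUnrestrictedUsers(sampleUsers, sampleRoles));
```

In the sample, the etl user is flagged even though it was never granted executeEval directly, because reportingOps inherits it.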
