Over a million developers have joined DZone.

Grant Right to Use $Eval on MongoDB 3.2

How do you enable a user to execute the $eval command in MongoDB? You might not think this is an issue, but you might also be surprised. Read on to find out more.

· Database Zone

Build fast, scale big with MongoDB Atlas, a hosted service for the leading NoSQL database. Try it now! Brought to you in partnership with MongoDB.

One of the side effects of enabling authorization on MongoDB is that, even if you create a user with “root” right, this account is not able to execute the $eval command. The symptom is, when you try to execute $eval you get this error:

mongodb Command '$eval' failed: not authorized on jarvis-framework-saga-test to execute command

This happens because $eval is somewhat deprecated, and it should not be used. Since it is a dangerous command, a user should have access to all action on all resources, and you need to create a role that has anyAction on anyResource.

If you really need to use $eval, you should create a role. Just connect to the admin database and create a new role with the command.

db.createRole( 
{ 
role: "executeEval", 
privileges: [ { 
resource: { anyResource: true }, 
actions: [ "anyAction" ] } ], 
roles: []
 } ) 

Now that you have this new role, just add it to all the users that need to use $eval. As an example, if you have a single admin user in the admin database, just run this against the admin DB.

db.grantRolesToUser("admin", [ { role: "executeFunctions", db: "admin" } ])

And now, the admin user can execute $eval against all databases.

Now it's easier than ever to get started with MongoDB, the database that allows startups and enterprises alike to rapidly build planet-scale apps. Introducing MongoDB Atlas, the official hosted service for the database on AWS. Try it now! Brought to you in partnership with MongoDB.

Topics:
mongodb ,database ,authorization ,users ,permissions

Published at DZone with permission of Ricci Gian Maria, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

The best of DZone straight to your inbox.

SEE AN EXAMPLE
Please provide a valid email address.

Thanks for subscribing!

Awesome! Check your inbox to verify your email so you can start receiving the latest in tech news and resources.
Subscribe

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}