MongoDB – How to Fix mongodump Config Database Error

mongodbmongodump

I've setup a backup script on my Ubuntu box using mongodump. However this currently doesn't work because of an error when attempting to dump the built in config database:

enter image description here

(Apologies for the image, I couldn't copy paste from the terminal I used)

How can I fix this? I either need to add the right permissions to my user, or exclude the config database. Ideally I'd like mongodump to ignore errors on any particular database so I still get a useful backup.

Here is the user I'm using to login as, as defined in the admin database:

{
    "_id" : "admin.admin",
    "userId" : UUID("b1928c55-fbaa-4196-9e7c-93e9139501ed"),
    "user" : "admin",
    "db" : "admin",
    "roles" : [ 
        {
            "role" : "userAdminAnyDatabase",
            "db" : "admin"
        }, 
        {
            "role" : "dbAdminAnyDatabase",
            "db" : "admin"
        }, 
        {
            "role" : "readWriteAnyDatabase",
            "db" : "admin"
        }
    ],
    "mechanisms" : [ 
        "SCRAM-SHA-1", 
        "SCRAM-SHA-256"
    ]
}

Best Answer

You don't have the required privileges for the config database.

See https://docs.mongodb.com/manual/reference/built-in-roles/ :

readWriteAnyDatabase

Provides the same privileges as readWrite on all databases except local and config.

userAdminAnyDatabase

Provides the same access to user administration operations as userAdmin on all databases except local and config.

dbAdminAnyDatabase

Provides the same privileges as dbAdmin on all databases except local and config.

For mongodump, use the backup role.

The admin database includes the following roles for backing up and restoring data:

backup

Provides minimal privileges needed for backing up data. This role provides sufficient privileges to use the MongoDB Cloud Manager backup agent, Ops Manager backup agent, or to use mongodump to back up an entire mongod instance.

Specifics about mongodump https://docs.mongodb.com/manual/reference/program/mongodump/ :

Required Access

To run mongodump against a MongoDB deployment that has access control enabled, you must have privileges that grant find action for each database to back up. The built-in backup role provides the required privileges to perform backup of any and all databases.

Related Question