1. I created a role with the changeOwnPassword privilege
mongos> db.getRole("changeOwnPasswordRole",{showPrivileges:true})
{
  "role" : "changeOwnPasswordRole",
  "db" : "admin",
  "isBuiltin" : false,
  "roles" : [ ],
  "inheritedRoles" : [ ],
  "privileges" : [
    {
      "resource" : {
        "cluster" : true
      },
      "actions" : [
        "changeOwnPassword"
      ]
    }
  ],
  "inheritedPrivileges" : [
    {
      "resource" : {
        "cluster" : true
      },
      "actions" : [
        "changeOwnPassword"
      ]
    }
  ]
}
mongos>
2. I granted the role to a non-admin read-only user
mongos> db.getUser("sdutta")
{
  "_id" : "admin.sdutta",
  "user" : "sdutta",
  "db" : "admin",
  "roles" : [
    {
      "role" : "changeOwnPasswordRole",
      "db" : "admin"
    },
    {
      "role" : "readAnyDatabase",
      "db" : "admin"
    }
  ]
}
3. Tried to change password without luck. I hope it’s not expecting readWrite.
mongos> db.changeUserPassword("sdutta","test2")
2017-01-17T18:38:29.078-0500 E QUERY [thread1] Error: Updating user failed: not authorized on admin to execute command { updateUser: "sdutta", pwd: "xxx", writeConcern: { w: "majority", wtimeout: 30000.0 }, digestPassword: false } :
_getErrorWithCode src/mongo/shell/utils.js:25:13
DB.prototype.updateUser src/mongo/shell/db.js:1319:15
DB.prototype.changeUserPassword src/mongo/shell/db.js:1323:9
@(shell):1:1
Am I missing anything?
Thanks!
> db.auth("sdutta", "old_password")
> db.changeUserPassword("sdutta", "new_password")
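
Added example, not part of the original thread: a small check, in plain JavaScript for Node, that lints a role document like the one printed by db.getRole() above and reports user-management actions attached to a resource that is not a database. The rule that changeOwnPassword is applied to a database resource comes from MongoDB's privilege-action reference rather than from this thread; the function names and the dbScopedRole variant are hypothetical.

```javascript
// Added example: lint a role document (shape as printed by
// db.getRole(name, {showPrivileges: true})).
// Assumption (MongoDB privilege-action reference, not this thread): these
// actions are applied to a database resource, { db: <name>, collection: "" }.
const DB_SCOPED_ACTIONS = new Set([
  "changeOwnPassword", "changeOwnCustomData", "changePassword", "changeCustomData",
]);

// Classify a privilege's resource document by the kind of resource it names.
function resourceKind(resource) {
  if (resource.cluster === true) return "cluster";
  if (resource.anyResource === true) return "anyResource";
  if (typeof resource.db === "string" && typeof resource.collection === "string") {
    return resource.collection === "" ? "database" : "collection";
  }
  return "unknown";
}

// Return one finding per db-scoped action granted on a non-database resource.
function auditRole(roleDoc) {
  const findings = [];
  for (const priv of roleDoc.privileges || []) {
    const kind = resourceKind(priv.resource || {});
    if (kind === "database" || kind === "anyResource") continue;
    for (const action of priv.actions || []) {
      if (DB_SCOPED_ACTIONS.has(action)) {
        findings.push({ role: roleDoc.role, action, resourceKind: kind });
      }
    }
  }
  return findings;
}

// Direct privileges of the role shown in the post.
const postedRole = {
  role: "changeOwnPasswordRole", db: "admin",
  privileges: [{ resource: { cluster: true }, actions: ["changeOwnPassword"] }],
};
// Constructed variant: same action, scoped to the admin database where the
// user "sdutta" is defined.
const dbScopedRole = {
  role: "changeOwnPasswordRole", db: "admin",
  privileges: [{ resource: { db: "admin", collection: "" }, actions: ["changeOwnPassword"] }],
};

console.log(auditRole(postedRole));   // one finding, resourceKind "cluster"
console.log(auditRole(dbScopedRole)); // no findings
```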