MongoDB privilege required for find operation on db.system.profile

[benoit.m...@lunatech.com]

Good morning,

We are building the project on top of Lagom framework

"com.lightbend.lagom" % "lagom-sbt-plugin" % "1.4.0-M2"

Built our connector for lagom ReadSide event handlers and configured akka persistence with this plugin to persist akka journal and realtime on MongoDB with ReactiveMongo

"com.github.scullxbones" %% "akka-persistence-mongo-rxmongo" % "2.0.4"

Other Reactive Mongo usage are in lagom read side processors, updating entity read side in response to event. Its very similar to typical DAO use : insert, update, finds 

The MongoDB Administrator had to allow the application to pass "find" queries on "<db_name>.system.profile" . He says cannot let this for the production environment, and want to stay with the default MongoDB profile "readWrite"

The problem occurs only when mongoDB server has operationProfiling enabled, in slowOp mode with this in mongo configuration file

operationProfiling:

  mode: slowOp

  slowOpThresholdMs: 500

When this profiling mode is selected the reactive mongo connection fails because of an authentication " DatabaseException['not authorized for query on xxxxx.system.profile' (code = 13)]". If we allow just the 'find' operation on the system.profile collection it works fine.

I cannot trace back any query to this collection in ReactiveMongo, nor in akka-persistence-mongo. 

Do anyone of you know of such behavior and would like to help on this ? 

Best regards

Benoit

[Cédric Chantepie]

For me this is specific to the persistence module, so better to ask there what kind of access is require and how to configure it properly. Best regards