Schema validation is disabled on readWrite and dbAdmin roles

Eyal_Tamsot · September 28, 2022, 8:16am

Using MongoDB shell version v5.0.6 and MongoDB compass Version 1.32.5 (1.32.5) (Im not sure if its relevant for the problem tho) .

Im not able to edit Schema validations on any collection in my DB, tried to do that on dbAdmin and readWrite role. what am i doing wrong?

Error when on readWrite role:

not authorized on eyal to execute command { collMod: “transaction”, validator: { $jsonSchema: { required: [ “clientId”], properties: { clientID: { bsonType: “objectId”, description: “Must be a objectId and is required” }, description: } } } }, validationAction: “error”, validationLevel: “strict”, lsid: { id: UUID(“3e1XCJKS-7cd3-4aa9-aac5-89234hdu3983”) }, $clusterTime: { clusterTime: Timestamp(1664562563, 1), signature: { hash: BinData(0, F13A7FB1E1SDFHJKSDFJH2936B435D5DD6C), keyId: 7137234432545796 } }, $db: “eyal” }

When when on DBAdmin role:

not authorized on eyal to execute command { aggregate: “transaction”, pipeline: [ { $match: { $jsonSchema: { required: [ “clientId”], properties: { clientID: { bsonType: “objectId”, description: “Must be a objectId and is required” }} } } } }, { $group: { _id: 1, n: { $sum: 1 } } } ], cursor: {}, lsid: { id: UUID(“ajkshd87921-3a82-4a5f-9e04-0af89jgu2940vb”) }, $clusterTime: { clusterTime: Timestamp(1553478349, 1), signature: { hash: BinData(0, 8F91FSD2234SFJG3455KKNA5B403E969E), keyId: 71376458048657765396 } }, $db: “eyal” }

Thanks in advanced.

Aasawari · September 30, 2022, 4:31pm

Hi @Eyal_Tamsot and welcome to the community!!

Based on the above informations shared, I tried to the Schema update documentation to reproduce the issue that you are seeing. Unfortunately, I am not observing the issue that you have been seeing.

To help out further reproduce the issue in my local environment, could you help with the following details for the issue being seen:

Steps you followed after which you started observing the issue.
The modification commands for both dbAdmin and readWrite roles.
Command used for modifying the schema validation

Thanks
Aasawari

Howard_Lee1 · June 18, 2024, 2:58pm

dbAdmin does not have priviledge to execute aggregate command. readWrite does not have priviledge to execute validate. You’ll either need to add a custom role, or change the role to dbOwner to execute both validate and aggregate.