search

torodb / stampede

The ToroDB solution to provide better analytics on top of MongoDB and make it easier to migrate from MongoDB to SQL
https://www.torodb.com/stampede/
GNU Affero General Public License v3.0
1.76k stars 118 forks source link

Make Stampede work without the __system role as Mongodb hosted on Mongo Atlas doesn't allow __system role #215

Closed chinmay185 closed 5 years ago

chinmay185 commented 6 years ago

As per the documentation, Stampede needs __system role to communicate with Mongo (if Mongo is configured to authenticate clients)

When using Mongo Atlas, this __system role is not exposed and there's no way to create a user with this role.

Is there any way to get Stampede to work without this role?

teoincontatto commented 6 years ago

Hi @chinmay185,

This has not been proved but you could try to assign specific roles as explained in the MongoDB documentation:

MongoDB assigns this role to user objects that represent cluster members, such as replica set members and mongos instances. The role entitles its holder to take any action against any object in the database.

Do not assign this role to user objects representing applications or human administrators, other than in exceptional circumstances.

If you need access to all actions on all resources, for example to run applyOps commands, do not assign this role. Instead, create a user-defined role that grants anyAction on anyResource and ensure that only the users who need access to these operations have this access.

Though, I am not sure if that would work but you could try to use the root role or a combination of built-in roles (https://docs.mongodb.com/v3.2/reference/built-in-roles/).