Error Code: 32

MongoDB Error 32: Roles Not Related


Description

This error indicates an attempt to define a relationship between roles that MongoDB cannot establish, often because a specified role does not exist or is not accessible within the current scope. It typically occurs during user or role management operations when granting or modifying roles.

Error Message

Roles Not Related

Known Causes

4 known causes

Non-Existent Role
You attempted to grant or reference a role that has not been defined or created in the MongoDB instance.

Incorrect Database Scope
The role you are referencing exists but is defined in a different database than where you are trying to use or inherit it.

Typographical Error
The name of the role specified contains a typo, preventing MongoDB from finding a matching role.

Invalid Role Inheritance
An attempt was made to establish an inheritance or relationship between roles that is not permitted or logically consistent within MongoDB's role hierarchy.

Solutions

3 solutions available

1. Verify Role Assignment Scope (easy)

Ensure the role being checked is actually assigned to the user at the correct database or cluster level.

Step 1. Connect to your MongoDB instance using the `mongosh` shell.

    mongosh

Step 2. Switch to the database where the user is defined, or to the `admin` database if it's a cluster-wide role.

    use <database_name>

Step 3. Retrieve the user's information, specifically looking at their assigned roles. Pay close attention to the database and collection scope of each role.

    db.getUser('<username>')

Step 4. Examine the output for the role that is causing the error. Confirm that it is listed with the correct database or cluster-wide scope. If the role is intended for a specific database, ensure it's listed under that database. If it's a cluster-wide role, it should be listed under the `admin` database.

Example output snippet:

    {
      ...,
      "roles": [
        { "role": "readWrite", "db": "myAppDB" },
        { "role": "clusterMonitor", "db": "admin" }
      ],
      ...
    }

Step 5. If the role is missing or has the wrong scope, you will need to re-assign it correctly using `grantRolesToUser`.

    db.grantRolesToUser('<username>', [ { role: '<role_name>', db: '<database_name>' } ])
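
The comparison in steps 3 and 4 can be scripted. The following is an added example, not code from the original page: it classifies each role reference as correct, defined in a different database, a likely typo, or missing. The function names `editDistance` and `auditRoleRefs`, the `reporting` role, and all sample data are constructed for illustration.

```javascript
// Constructed sample data, shaped like db.getRoles() and db.getUser() output.
const definedRoles = [
  { role: 'readWrite', db: 'myAppDB' },
  { role: 'clusterMonitor', db: 'admin' },
  { role: 'myCustomRole', db: 'myAppDB' },
];
const sampleUser = {
  user: 'myUser',
  roles: [
    { role: 'readWrite', db: 'myAppDB' },      // defined as written
    { role: 'clusterMonitor', db: 'myAppDB' }, // defined, but in admin
    { role: 'myCustomRol', db: 'myAppDB' },    // one character short
    { role: 'reporting', db: 'myAppDB' },      // not defined anywhere
  ],
};

// Levenshtein distance, used to spot near-miss role names.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0]; // value diagonally up-left of the current cell
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const up = row[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(up + 1, row[j - 1] + 1, diag + cost);
      diag = up;
    }
  }
  return row[b.length];
}

// Classify each { role, db } reference against the defined roles.
// Works for a user's roles array and for a role's inherited roles array.
function auditRoleRefs(refs, defined) {
  return refs.map((ref) => {
    if (defined.some((d) => d.role === ref.role && d.db === ref.db)) {
      return { ...ref, status: 'ok', hint: [] };
    }
    const otherDbs = defined.filter((d) => d.role === ref.role).map((d) => d.db);
    if (otherDbs.length > 0) return { ...ref, status: 'wrong-db', hint: otherDbs };
    const near = defined
      .filter((d) => editDistance(d.role, ref.role) <= 2)
      .map((d) => `${d.role}@${d.db}`);
    return { ...ref, status: near.length ? 'possible-typo' : 'missing', hint: near };
  });
}

console.log(JSON.stringify(auditRoleRefs(sampleUser.roles, definedRoles), null, 2));
```

In `mongosh`, the constructed inputs would be replaced by `db.getUser('<username>').roles` and by the combined results of `db.getRoles({ showBuiltinRoles: true })` from each database of interest.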

2. Re-assign the Role with Correct Scope (medium)

Explicitly grant the role again, ensuring the correct database or cluster scope is specified.

Step 1. Connect to your MongoDB instance using `mongosh`.

    mongosh

Step 2. Switch to the `admin` database, as roles are managed globally and then applied to specific databases. `grantRolesToUser` looks up the user in the current database, so the commands below assume `myUser` was created in `admin`.

    use admin

Step 3. Identify the exact name of the role and the user experiencing the error.

    User: myUser
    Role: myCustomRole

Step 4. If the role is intended for a specific database (e.g., 'myAppDB'), grant it with that database scope. If it's a cluster-wide role, ensure the `db` parameter is 'admin'.

    db.grantRolesToUser('myUser', [ { role: 'myCustomRole', db: 'myAppDB' } ])

Step 5. If the role is cluster-wide (e.g., `clusterMonitor`), grant it to the `admin` database.

    db.grantRolesToUser('myUser', [ { role: 'clusterMonitor', db: 'admin' } ])

Step 6. Verify the user's roles again after the re-assignment.

    db.getUser('myUser')

3. Check for Role Definition Errors (advanced)

Ensure the custom role itself is correctly defined and not referencing non-existent privileges.

Step 1. Connect to your MongoDB instance using `mongosh`.

    mongosh

Step 2. Switch to the `admin` database.

    use admin

Step 3. Retrieve the definition of the custom role. The `privileges` array is only returned when `showPrivileges` is set.

    db.getRole('<rolename>', { showPrivileges: true })

Step 4. Carefully examine the `privileges` array within the role definition. Ensure that all specified `resource` and `actions` are valid and correspond to existing MongoDB operations and collections/databases. For example, a privilege might look like:

    {
      "resource": {
        "db": "myAppDB",
        "collection": "myCollection"
      },
      "actions": ["find"]
    }

If a `db` or `collection` specified here does not exist, or if an `action` is invalid, it can lead to this error.

Example output snippet:

    {
      ...,
      "privileges": [
        {
          "resource": {
            "db": "myAppDB",
            "collection": "users"
          },
          "actions": ["find", "insert", "update", "remove"]
        }
      ],
      ...
    }

Step 5. If you find any invalid privilege definitions, you will need to correct them. This might involve creating the missing database/collection or correcting the action names. Then, re-assign the role to the user with the corrected definition. You might need to use `dropRole` and `createRole` for significant changes.

    db.createRole({
      role: '<rolename>',
      privileges: [
        {
          resource: { db: 'myAppDB', collection: 'myCollection' },
          // 'find' is the read action; 'findOne' is not a privilege action name
          actions: [ 'find' ]
        }
      ],
      roles: []
    })