Error
Error Code:
33
MongoDB Error 33: Missing User Permissions
Description
Error 33, 'Privilege Not Found', indicates that the authenticated user attempting an operation lacks the necessary permissions to perform that action. This typically occurs when a user's assigned roles do not grant the required privileges for the specific database, collection, or administrative task.
Error Message
Privilege Not Found
Known Causes
3 known causesInsufficient Role Privileges
The user's assigned role(s) do not explicitly grant the necessary read, write, or administrative privileges for the attempted operation on the specified resource.
Incorrect Resource Scope
The granted privileges might apply to a different database or collection than the one being accessed, leading to a permission denial.
Misconfigured Custom Roles
A custom role intended to grant specific privileges may have been defined incorrectly, inadvertently omitting the required actions.
Solutions
4 solutions available1. Grant Necessary Role to the User easy
Assign a role that includes the required privileges to the user.
1
Connect to your MongoDB instance using an administrator account (e.g., the initial admin user).
mongosh2
Switch to the 'admin' database, as roles are typically managed here.
use admin3
Grant a built-in role or a custom role that contains the missing privilege to the user. Replace 'your_user', 'your_database', and 'your_role' with your specific values.
db.grantRolesToUser('your_user', [{ role: 'your_role', db: 'your_database' }])4
If you are unsure of the exact privilege needed, you can grant a broader role like 'readWriteAnyDatabase' or 'dbAdminAnyDatabase' for testing purposes, but be mindful of security implications.
db.grantRolesToUser('your_user', [{ role: 'readWriteAnyDatabase', db: 'admin' }])2. Create a Custom Role with Specific Privileges medium
Define a new role with only the necessary privileges to avoid over-permissioning.
1
Connect to your MongoDB instance using an administrator account.
mongosh2
Switch to the 'admin' database.
use admin3
Create a new custom role. Replace 'myCustomRole', 'your_database', and list the specific actions required.
db.createRole({ role: 'myCustomRole', privileges: [{ resource: { db: 'your_database', collection: 'your_collection' }, actions: ['find', 'insert'] }], roles: [] })4
Grant the newly created custom role to your user.
db.grantRolesToUser('your_user', [{ role: 'myCustomRole', db: 'your_database' }])3. Verify User and Role Assignments easy
Inspect the user's existing roles and privileges to identify the gap.
1
Connect to your MongoDB instance using an administrator account.
mongosh2
Switch to the 'admin' database.
use admin3
Find the user and examine their assigned roles and inherited privileges. Replace 'your_user'.
db.getUser('your_user')4
Analyze the output of `db.getUser()`. The 'roles' array will show the roles assigned to the user. For each role, check the privileges it grants. If the required privilege is missing, you'll need to grant a role that provides it.
text4. Ensure Correct Authentication Database is Specified medium
The authentication database specified during user creation or connection might be incorrect.
1
When creating a user, the `authentication database` parameter is crucial. If it's set incorrectly, the user's roles might not be recognized correctly. Recreate the user if necessary, ensuring the correct authentication database (usually 'admin').
db.createUser({ user: 'your_user', pwd: passwordPrompt(), roles: [{ role: 'readWrite', db: 'your_database' }], authenticationDatabase: 'admin' })2
When connecting, ensure the `authSource` parameter in your connection string or driver options is set to the correct authentication database.
mongodb://your_user:your_password@your_host:your_port/?authSource=admin