Ruby on Rails Mongoid和Webfaction:未获得查询授权(错误16550) [英] Ruby on Rails Mongoid and Webfaction: Not Authorized For Query (Error 16550)
问题描述
我正在使用版本2.4.4,并遵循 http://docs.webfaction中的步骤. com/software/mongodb.html ,并且正在将Mongoid与Ruby on Rails结合使用.我还在使用"userAdminAnyDatabase"权限的数据库上创建了一个用户,并将其与以下rails mongoid配置一起使用:
production:
sessions:
default:
database: <table>
hosts:
- localhost:<port>
username: <user>
password: <password>
我的服务器使用--auth标志运行,并且我还使用mongodb cpmmand行尝试了该用户,并且可以运行,但是在部署了Rails应用程序的情况下,我仍然得到:
失败,错误16550:未授权
查询
有什么我想念的吗?也许我需要创建一个特殊的用户?
userAdminAnyDatabase角色并没有完全按照您的想象做.这是 MongoDB文档所说的:
重要:由于具有userAdminAnyDatabase和userAdmin的用户除了具有自己的访问级别之外,还具有创建和修改权限的能力,因此该角色实际上是MongoDB系统的超级用户.但是,userAdminAnyDatabase和userAdmin并未明确授权用户具有除用户管理之外的任何特权.
给您创建了userAdminAnyDatabase角色的用户,实际上只允许他们管理数据库(创建新用户,删除用户,访问system.*集合),但实际上并没有授权他们读取或写入任何数据. /p>
如果要创建一个具有所有管理员特权并且还可以在任何数据库中读写的超级用户,则还需要为该用户赋予readWriteAnyDatabase角色.
db.addUser({user: 'username', pwd: 'password', roles: ['readWriteAnyDatabase', 'userAdminAnyDatabase']})
I am using version 2.4.4, followed the procedures at http://docs.webfaction.com/software/mongodb.html and am using Mongoid with Ruby on Rails. I also have created a user at the db I am using with the "userAdminAnyDatabase" permission and am using it with this rails mongoid config:
production:
sessions:
default:
database: <table>
hosts:
- localhost:<port>
username: <user>
password: <password>
I have the server runing with --auth flags and I also tried the user with the mongodb cpmmand line and it works but with my Rails app deployed I am still getting:
failed with error 16550: "not authorized for query on
Is there something I am missing? Perhaps a special user I need to create?
The userAdminAnyDatabase role doesn't quite do what you might think it does. Here's what the MongoDB docs say about it:
Important: Because users with userAdminAnyDatabase and userAdmin have the ability to create and modify permissions in addition to their own level of access, this role is effectively the MongoDB system superuser. However, userAdminAnyDatabase and userAdmin do not explicitly authorize a user for any privileges beyond user administration.
Giving the user you created the userAdminAnyDatabase role, actually only allows them to administer the database (create new users, remove users, access system.* collections) but it doesn't actually authorize them to read or write any data.
If you want to create a super user who has all admin privileges and can also read and write in any database, you'll need to also give the user the readWriteAnyDatabase role.
db.addUser({user: 'username', pwd: 'password', roles: ['readWriteAnyDatabase', 'userAdminAnyDatabase']})
这篇关于Ruby on Rails Mongoid和Webfaction:未获得查询授权(错误16550)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
