-
Type: Bug
-
Resolution: Works as Designed
-
Priority: Major - P3
-
None
-
Affects Version/s: None
-
Component/s: None
-
RSS Sydney
-
ALL
-
RSS Sydney - 2024-05-28, RSS Sydney - 2024-06-11
As per documentation: https://www.mongodb.com/docs/upcoming/reference/command/autoCompact/#required-privileges the "compact" privilege is all that is required (granted by dbAdmin and hostManager roles)
But on atlas, even with atlasAdmin (which includes dbAdminAnyDatabase), it is not possible to run this command
Atlas atlas-ktz9lc-shard-0 [primary] admin> db.runCommand({connectionStatus:1}) { authInfo: { authenticatedUsers: [ { user: 'joanna', db: 'admin' } ], authenticatedUserRoles: [ { role: 'atlasAdmin', db: 'admin' }, { role: 'backup', db: 'admin' }, { role: 'clusterMonitor', db: 'admin' }, { role: 'dbAdminAnyDatabase', db: 'admin' }, { role: 'enableSharding', db: 'admin' }, { role: 'readWriteAnyDatabase', db: 'admin' } ] }, ok: 1, '$clusterTime': { clusterTime: Timestamp({ t: 1715560780, i: 1 }), signature: { hash: Binary(Buffer.from("b16be03314f6f64a9d9dd42e756a4cf9cce35bec", "hex"), 0), keyId: Long("7368272651216748549") } }, operationTime: Timestamp({ t: 1715560780, i: 1 }) } Atlas atlas-ktz9lc-shard-0 [primary] admin> db.runCommand( { autoCompact: true, runOnce: false }) MongoServerError: not authorized on admin to execute command { autoCompact: true, runOnce: false, apiVersion: "1", lsid: { id: UUID("664edf46-34ca-438c-ab1a-61b571d2c08e") }, $clusterTime: { clusterTime: Timestamp(1715560780, 1), signature: { hash: BinData(0, B16BE03314F6F64A9D9DD42E756A4CF9CCE35BEC), keyId: 7368272651216748549 } }, $db: "admin" } Atlas atlas-ktz9lc-shard-0 [primary] admin> db.version() 8.0.0-rc4-220-g347c3d0
It is possible to compact a collection with these privileges (the "force" is because we don't recommend running compact on a running replica set primary)
Atlas atlas-ktz9lc-shard-0 [primary] test> db.runCommand( { compact: "foo", force:true}) { bytesFreed: 0, ok: 1, '$clusterTime': { clusterTime: Timestamp({ t: 1715560716, i: 1 }), signature: { hash: Binary(Buffer.from("6e1aef944bca2d22ec3c1db00c43f1591af60678", "hex"), 0), keyId: Long("7368272651216748549") } }, operationTime: Timestamp({ t: 1715560716, i: 1 }) }
Could we clarify the permissions required to be able to run the autoCompact command?