Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-90459

autoCompact cannot be run in Atlas, unclear what permissions needed

XMLWordPrintableJSON

    • Type: Icon: Bug Bug
    • Resolution: Works as Designed
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: None
    • Component/s: None
    • RSS Sydney
    • ALL
    • RSS Sydney - 2024-05-28, RSS Sydney - 2024-06-11

      As per documentation: https://www.mongodb.com/docs/upcoming/reference/command/autoCompact/#required-privileges the "compact" privilege is all that is required (granted by dbAdmin and hostManager roles)

      But on atlas, even with atlasAdmin (which includes dbAdminAnyDatabase), it is not possible to run this command

      Atlas atlas-ktz9lc-shard-0 [primary] admin> db.runCommand({connectionStatus:1})
{
  authInfo: {
    authenticatedUsers: [ { user: 'joanna', db: 'admin' } ],
    authenticatedUserRoles: [
      { role: 'atlasAdmin', db: 'admin' },
      { role: 'backup', db: 'admin' },
      { role: 'clusterMonitor', db: 'admin' },
      { role: 'dbAdminAnyDatabase', db: 'admin' },
      { role: 'enableSharding', db: 'admin' },
      { role: 'readWriteAnyDatabase', db: 'admin' }
    ]
  },
  ok: 1,
  '$clusterTime': {
    clusterTime: Timestamp({ t: 1715560780, i: 1 }),
    signature: {
      hash: Binary(Buffer.from("b16be03314f6f64a9d9dd42e756a4cf9cce35bec", "hex"), 0),
      keyId: Long("7368272651216748549")
    }
  },
  operationTime: Timestamp({ t: 1715560780, i: 1 })
}
Atlas atlas-ktz9lc-shard-0 [primary] admin> db.runCommand( { autoCompact: true, runOnce: false })
MongoServerError: not authorized on admin to execute command { autoCompact: true, runOnce: false, apiVersion: "1", lsid: { id: UUID("664edf46-34ca-438c-ab1a-61b571d2c08e") }, $clusterTime: { clusterTime: Timestamp(1715560780, 1), signature: { hash: BinData(0, B16BE03314F6F64A9D9DD42E756A4CF9CCE35BEC), keyId: 7368272651216748549 } }, $db: "admin" }
Atlas atlas-ktz9lc-shard-0 [primary] admin> db.version()
8.0.0-rc4-220-g347c3d0

      It is possible to compact a collection with these privileges (the "force" is because we don't recommend running compact on a running replica set primary)

      Atlas atlas-ktz9lc-shard-0 [primary] test> db.runCommand( { compact: "foo", force:true})
{
  bytesFreed: 0,
  ok: 1,
  '$clusterTime': {
    clusterTime: Timestamp({ t: 1715560716, i: 1 }),
    signature: {
      hash: Binary(Buffer.from("6e1aef944bca2d22ec3c1db00c43f1591af60678", "hex"), 0),
      keyId: Long("7368272651216748549")
    }
  },
  operationTime: Timestamp({ t: 1715560716, i: 1 })
}

      Could we clarify the permissions required to be able to run the autoCompact command?

            Assignee:
            clarisse.cheah@mongodb.com Clarisse Cheah
            Reporter:
            joanna.cheng@mongodb.com Joanna Cheng
            Votes:
            0 Vote for this issue
            Watchers:
            9 Start watching this issue

              Created:
              Updated:
              Resolved: