I'm using MMS to manage my a typical sharding cluster with just one shard (at the moment): 3 mongod for shard000 (2 servers + 1 arbiter) + 1 config server + 2 mongos instances.
Auth is enabled and it's working well. I've added a user-defined role in the MMS admin console, and I can see it in mongo shell.
db.system.roles.findOne()
{
"_id" : "admin.myrole",
"role" : "myrole",
"db" : "admin",
"privileges" : [
{
"resource" : {
"db" : "",
"collection" : ""
},
"actions" : [
"changeCustomData",
"changePassword",
...
I want to change it to AnyAction on AnyResource (as doEval action requires). So, I'm trying to execute this:
db.runCommand({ "updateRole": "myrole", "privileges": [ { resource: { anyResource: true}, actions: [ "anyAction" ] } ] }); db.system.roles.findOne()`
and for one second, I get the result I want:
{
"_id" : "admin.myrole",
"role" : "myrole",
"db" : "admin",
"privileges" : [
{
"resource" : {
"anyResource" : true
},
"actions" : [
"anyAction"
]
}
],
"roles" : [ ]
}
But, about two seconds later: the role got restored:
configsvr> db.system.roles.findOne()
{
"_id" : "admin.myrole",
"role" : "myrole",
"db" : "admin",
"privileges" : [
{
"resource" : {
"db" : "",
"collection" : ""
},
"actions" : [
"changeCustomData",
"changePassword",
...
and I don't know "who" is restoring it. I've tried the above commands from the PRIMARY and from CONFIG server in admin database.
How can I get the role stored?
P.S: I know that "eval" is deprecated in 3.0, but what I'm asking is the reason I can't update the role.