I am using mongoVUE as mongo admin UI. My mongo server is running with authentication enabled I have created one test db (say test_db) and one user(test_user) in that db. I have authorized test_db with test_user. If i use mongo shell , than commands like "show db" ,"show collections " in some db fails with authorization problem (this is fine and excepted). But if use mongoVUE to login into mongo server using test_user. i am able to see all the db's. i can access them ,i can modify them. Do anyone know what is happening here ?
0
votes
the same database, with the same username & password, works in mongoVUE and doesn't work in mongo shell?
- milan
no..my question is different.one username and password gives access to all other datbases in mongoVUE (which is wrong). in shell it works fine as expected
- gsagrawal
aha, I see now. Only users from the admin database are allowed to see all databases. Can you confirm that mongoVUE does indeed use test_user and that it doesn't exist in the admin database?
- milan
test_user is there in admin database ,but this user doesnt have access to admin db. only admin user can access admin db.and mongoVUE is using test_user only.
- gsagrawal
ohhh..i got it now. it seems any user from admin database can access evreything. even if that account dosent have access to admin account also.
- gsagrawal
