Grant right to use eval on Mongodb 32

One of the side effect of enabling authorization on MongDb is that, even if you create a user with “root” right, this account is not able to execute the $eval command. The simpthom is, when you try to execute $eval you got this error

1

mongodb Command '$eval' failed: not authorized on jarvis-framework-saga-test to execute command

This happens because $eval is somewhat deprecated, and it should not be used. Since it is a dangerous command, a user should have access to all action on all resources, and you need to create a role that has anyAction on anyResource.

If you really need to use $eval, you should create a role, just connect to the admin database and create a new role with the command.

1
2

db.createRole( { 	role: "executeEval", 	privileges: [{ 		resource: { anyResource: true }, 		actions: ["anyAction"] }], 	roles: []
 } ) 

Now that you have this new role, just add to all the users that need to use $eval, as an example, if you have a single admin user in admin database, just run this against the admin db.

1

db.grantRolesToUser("admin", [{ role: "executeFunctions", db: "admin" }])

And now the admin user can execute $eval against all databases.

Gian Maria.