mongo 系统权限问题

今天给研发，创建测试库，分配相关权限 ，发现一些小问题如果下：

1、

use testdb

mongos> db.createUser(
...   {
...     user: "testdb",
...     pwd: "testdb",
...     roles: [ { role: "readWrite", db: "testdb" } ]
...   }
... )

可以看到在普通数据库创建用户，给予普通的角色，是可以正常创建，但是，当给普通的数据库创建具有管理权限的用户，给予管理角色，就会报错，提示没有此角色，如下：

use testdb

mongos> db.createUser(
...   {
...     user: "test",
...     pwd: "test",
...     roles: [ { role: "root", db: "testdb" } ]
...   }
... )
2017-05-18T12:03:11.312+0800 E QUERY    [thread1] Error: couldn't add user: No role named root@testdb :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
DB.prototype.createUser@src/mongo/shell/db.js:1267:15
@(shell):1:1

授权也是会一样的报错：

mongos>  db.grantRolesToUser( "testdb", { role: "root", db: "admin" }, { writeConcern: { w: "majority" , wtimeout: 2000 } } )

2017-05-18T11:49:05.659+0800 E QUERY    [thread1] Error: "roles" had the wrong type. Expected Array, found Object :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
DB.prototype.grantRolesToUser@src/mongo/shell/db.js:1473:19

@(shell):1:1

但是使用use admin 可以正常创建用户

mongos>  db.createUser(
...   {
...     user: "admin",
...     pwd: "admin",
...     roles: [ { role: "root", db: "admin" } ]
...   }
... )

后来就发现，管理权限的只能针对admin数据

mongos> use  testdb；

mongos>  db.grantRolesToUser( "testdb", { role: "root", db: "admin" }, { writeConcern: { w: "majority" , wtimeout: 2000 } } )

mongos> use admin
switched to db admin
mongos> show tables
system.users
system.version
mongos> db.system.users.find().pretty()

{
"_id" : "testdb.testdb",
"user" : "testdb",
"db" : "testdb",
"credentials" : {
"SCRAM-SHA-1" : {
"iterationCount" : 10000,
"salt" : "oaPAbXPzfFXEPV6ebyvNHg==",
"storedKey" : "0UyanXIbt2rREDWNMQzQqFuUGgw=",
"serverKey" : "bV0KR/gIjNa9kWXHT6z6lho8cFM="
}
},
"roles" : [
{
"role" : "root",
"db" : "admin"
},
{
"role" : "read",
"db" : "testdb"
},
{
"role" : "readWrite",
"db" : "testdb"
}
]
}