MongoDB and its' evil Map Reduce twin

December 2, 2015

 

As discussed in earlier posts, MongoDB, is my current back-end database, as such, experimenting with its' capabilities seems trivial.

The permission hazard of old tools and new were already solved here

 

Due to one of my colleague request to use the map reduce mechanism MongoDB allows, another issue has been revealed with the permissions.

 

Problem:

We have a collection with read permission, and we would like to output the map reduce function to another collection with write permissions.

So far, it seems trivial, but the plot thickens, when testing with the above permissions we get an error return code 13, operation is not authorized.

Please note that the permission related to the Map-Reduce and server side scripts is not mentioned in the MongoDB documentation.


The Undocumented not existing solution:

The permission required to use map reduce is Write permission for both the source collection and target collection of the Map-Reduce operation.

 

This leads to the inability to use map reduce if you are not willing to bend the permission scheme, which as it is well known, once you bend it once, all hell might and will break loose someday.

 

Do not use map reduce functionality, use the aggregation framework instead, other than that, it is recommended not to enable server side JavaScript, due to its vulnerability as mentioned in the production security notes

 

I hope this short manual helped you, if not let me know in comments section

Please reload

Recent Posts

February 17, 2016

Please reload

Archive

Please reload

Tags

Please reload

 
  • Facebook
  • Twitter
  • LinkedIn

©2017 by Dror Asaf. Proudly created with Wix.com