📋

Description

Error 58, 'Role Modification Failed,' indicates that MongoDB was unable to complete an operation related to altering user roles. This typically occurs when a user attempts to create, update, or delete a role without the necessary administrative privileges or when targeting an immutable system role.

💬

Error Message

Role Modification Failed

🔍

Known Causes

3 known causes

⚠️

Insufficient User Privileges

The user attempting to modify the role lacks the required administrative permissions (e.g., `grantRole`, `revokeRole`, `createRole`).

⚠️

Attempting to Modify Built-in Role

MongoDB's built-in roles (like `read`, `readWrite`, `dbAdmin`) cannot be directly modified or deleted by users.

⚠️

Role Does Not Exist

The specified role name in the modification command does not correspond to an existing role in the database.

🛠️

Solutions

3 solutions available

1. Verify User Authentication and Authorization easy

Ensure the user performing the role modification has the necessary privileges and is authenticated correctly.

1

Connect to your MongoDB instance using an administrative user account that has the `userAdminAnyDatabase` or `userAdmin` role.

mongosh --username <admin_user> --password --authenticationDatabase admin

2

Attempt to grant or modify the role again. This verifies if the issue was a transient authentication or authorization problem.

db.grantRolesToUser("username", [ { role: "rolename", db: "dbname" } ])

3

If the above command fails, check the user's existing roles and permissions. Ensure the user performing the operation has the `userAdmin` role on the database where the user/role resides, or `userAdminAnyDatabase` for cross-database operations.

db.getUser("username")

4

If the user lacks the necessary roles, grant them to the administrative user you are currently logged in as.

db.grantRolesToUser("<admin_user>", [ { role: "userAdminAnyDatabase", db: "admin" } ])

2. Check for Conflicting Role Definitions medium

Investigate if the role being modified or granted already exists with conflicting definitions or permissions.

1

Connect to MongoDB as an administrator.

mongosh --username <admin_user> --password --authenticationDatabase admin

2

List all roles defined on the target database to identify potential duplicates or similar roles.

db.getRoles({showBuiltinRoles: false})

3

If you find a role with the same name but different permissions, you may need to consolidate or rename roles. Alternatively, if you are trying to grant a role that exists with different permissions, MongoDB might reject the operation.

db.revokeRolesFromUser("username", [ { role: "conflicting_rolename", db: "dbname" } ])
db.grantRolesToUser("username", [ { role: "new_rolename_with_correct_permissions", db: "dbname" } ])

4

Carefully review the exact role name and database name you are attempting to grant/modify. Case sensitivity matters.

db.grantRolesToUser("username", [ { role: "MyRole", db: "myDatabase" } ]) // Incorrect if role is 'myrole'

3. Restart MongoDB Service easy

A simple restart can resolve transient issues with the authorization system.

1

On Linux systems, use systemctl to restart the MongoDB service.

sudo systemctl restart mongod

2

On Windows systems, open the Services application, locate MongoDB, and restart it.

N/A (GUI operation)

3

After the service has restarted, attempt the role modification operation again.

db.grantRolesToUser("username", [ { role: "rolename", db: "dbname" } ])

🔗

Related Errors

5 related errors

MongoDB Error 58: Role Change Failure