Definition of MongoDB User
MongoDB users are used to accessing the database as per specified grants that the user defined. The user is more important and useful in every database to access the database through the client. In MongoDB, we have to use the db.createUser method to create a new user; when adding any user into the MongoDB database, we can assign a role to the user to privileges. We can also update the user after creating, we can change the user name, password, and grant, revoke the privileges of the user. After adding a user into the database, we can create a user-specific database.
MongoDB User Operations and Roles
- Access control on the database is more important when we are working with users and roles in MongoDB.
- By default authorization to the database is disabled; we need to enable this using adding authorization in configuration files.
- The below examples show the use of security options in MongoDB.
#Security
Authorization: enabled
cat /etc/mongod.conf
- The authorization setting in MongoDB will enable and disable the role-based access control.
- Below syntax shows that create a user in MongoDB, db.createUser method is used to create a new user in MongoDB.
Syntax:
db.createUser (user_info, Writeconcern)
Parameter:
Below is the parameter description syntax of creating a user in MongoDB.
- Create User: Create user is a method that was used to create a new user in MongoDB. Using create user method, we have to create new users as per the operation specified in MongoDB.
- User or user_info: Type of user parameter is a document in creating user method. This parameter will contain the document and authentication of the user. User info contains username and privileges, which we have defining for the user.
- Write concern: This is an optional parameter to create a user method in MongoDB. Get last error command takes the same field as write concern in MongoDB.
MongoDB User and Role Operations
- To create a role with authentication restrictions in MongoDB, we must have set authentication restrictions on the database which we have using.
1. Create Role in MongoDB to Manage Current Operations
- In the following example, we have created a role name as user_test, which is used to run the only db.currentOp () and db.killOp () command.
- For creating any user in MongoDB, we need to connect the mongodb instance.
Example:
use admin
db.createRole (
{
role: "user_test",
privileges: [
{ resource: { cluster: true }, actions: [ "killop", "inprog" ] },
{ resource: { db: "", collection: "" }, actions: [ "killCursors" ] }
],
roles: []
})
- To create a user in MongoDB, we need to use the admin database first and then create a user name as user_test.
2. Create User to Run Mongostat Command
- In the below example, we have to create a role name as user_test1, which is used to provide the privileges that run only a command name as mongostat.
Example:
use admin
db.createRole(
{
role: "user_test1",
privileges: [
{ resource: { cluster: true }, actions: [ "serverStatus" ] }
],
roles: []
}
)
3. Create User and Provide Privileges to Drop System Views in Collection Across Databases
- In the below example, we have created a user name as user_test2 and provided permission to drop the system view collection.
Example:
use admin
db.createRole(
{
role: "user_test2",
privileges: [
{
actions: [ "dropCollection" ],
resource: { db: "", collection: "system.views" }
}
],
roles: []
}
)
4. Change user Password in MongoDB
- We can change the password of the existing user by using the change user password method in MongoDB.
- We have to change the user_test user password to “user”. We need to pass the user’s current username and password to change the user’s password in MongoDB.
- We need to specify the user name when we want to change the user password in MongoDB.
use test_bak;
db.changeUserPassword ("user_test", "user")
- To modify the password of any or existing user, we need to use the change user password method in MongoDB.
5. Modify the user access in MongoDB
- We can modify the access of the existing or any user in MongoDB. We can give access and revoke the privileges of an existing user.
- Below is the access which was available in MongoDB.
- Revoke grants from the role.
- Grant privileges to role.
1. Revoke a Grants from Role
- We can revoke the role of the existing user by using the db.revokeRolesFromUser () method.
- In the below example, we have revoked the grant of user_test user. We have revoked the read grants from the user_test user.
Example:
use test_bak
db.revokeRolesFromUser("user_test",
[ { role: "read", db: "test_bak" }
])
2. Grant Privileges to Role
- We can provide grants to the role or existing user by using the db.grantRolesToUser () method.
- In the below example, we have grantprivileges to the user_test user. We have provided readrole on test_bak database to user_test user.
Example:
use test_bak
db.grantRolesToUser(
"user_test",
[
{ role: "read", db: "test_bak" }
]
)
6. View user role
- We can check the user role by using the db.getUser method in MongoDB. We have to check all the details of the user_test user.
- We have to use the database name before using the method of db.getUser in MongoDB.
Example:
use test_bak;
db.getUser("user_test")
7. Create User and Provide Read Write Grant to The User
- In the below example, we have created a user name as user_test3 and can read and write on the database.
- We have provided read and write roles on test_bak and test_bak1 databases.
Example:
db.createUser(
{
user: "uset_test3",
pwd: "password",
roles: [
{ role: "read", db: "test_bak" },
{ role: "read", db: "test_bak1" },
{ role: "readWrite", db: "test_bak" },
{ role: "readWrite", db: "test_bak1" }
]
}
)
Recommended Articles
This is a guide to MongoDB Users. Here we also discuss the definition and MongoDB users operations and roles along with different examples and its code implementation. You may also have a look at the following articles to learn more –
