Definition of MongoDB User
MongoDB users are used to access the database as per specified grants which were defined by the user, the user is more important and useful in every database to access the database through the client. In MongoDB, we have to use the db.createUser method to create new user, when adding any user into the MongoDB database we can assign a role to the user in order to privileges. We can also update the user after creating, we can change user name, password, and grant, revoke privileges of the user. After adding a user into the database we can create a user-specific database.
MongoDB User Operations and Roles
- Access control on the database is more important when we are working with user and roles in MongoDB.
- By default authorization to the database is disabled, we need to enable this using adding authorization in configuration files.
- The below examples show the use of security options in MongoDB.
#Security
Authorization: enabled
cat /etc/mongod.conf
- The authorization setting in MongoDB will enable and disable the role-based access control.
- Below syntax shows that create a user in MongoDB, db.createUser method is used to create a new user in MongoDB.
Syntax:
db.createUser (user_info, Writeconcern)
Parameter:
Below is the parameter description syntax of creating a user in MongoDB.
- Create User: Create user is a method that was used to create a new user in MongoDB. Using create user method we have creating new users as per operation specified in MongoDB.
- User or user_info: Type of user parameter is a document in creating user method. This parameter will contain the document and authentication of the user. User info contains username and privileges which we have defining for the user.
- Write concern: This is an optional parameter of create a user method in MongoDB. Get last error command takes the same field as write concern in MongoDB.
MongoDB User and Role Operations
- To create a role with authentication restrictions in MongoDB, we must have set authentication restriction on the database which we have using.
1. Create Role in MongoDB to Manage Current Operations
- In the following example, we have created role name as user_test, which is used to run only db.currentOp () and db.killOp () command.
- For creating any user in MongoDB we need to connect the mongodb instance.
Example:
use admin
db.createRole (
{
role: "user_test",
privileges: [
{ resource: { cluster: true }, actions: [ "killop", "inprog" ] },
{ resource: { db: "", collection: "" }, actions: [ "killCursors" ] }
],
roles: []
})
- For creating user in MongoDB we need to use the admin database first and then we have to create user name as user_test.
2. Create User to Run Mongostat Command
- In the below example, we have to create a role name as user_test1 which is used to provide the privileges that run only command name as mongostat.
Example:
use admin
db.createRole(
{
role: "user_test1",
privileges: [
{ resource: { cluster: true }, actions: [ "serverStatus" ] }
],
roles: []
}
)
3. Create User and Provide Privileges to Drop System Views in Collection Across Databases
- In the below example, we have created a user name as user_test2 and provided permission to drop system view collection.
Example:
use admin
db.createRole(
{
role: "user_test2",
privileges: [
{
actions: [ "dropCollection" ],
resource: { db: "", collection: "system.views" }
}
],
roles: []
}
)
4. Change user Password in MongoDB
- We can change the password of the existing user by using the change user password method in MongoDB.
- We have changing user_test user password as “user”. We need to pass the current username and new password of the user to change the password of the user in MongoDB.
- We need to specify the user name when we want to change the user password in MongoDB.
use test_bak;
db.changeUserPassword ("user_test", "user")
- To modify the password of any or existing user we need to use the change user password method in MongoDB.
5. Modify the user access in MongoDB
- We can modify the access of the existing or any user in MongoDB. We can give access and revoke the privileges of an existing user.
- Below is the access which was available in MongoDB.
- Revoke grants from the role.
- Grant privileges to role.
1. Revoke a Grants from Role
- We can revoke the role of the existing user by using db.revokeRolesFromUser () method.
- In the below example, we have revoke the grant of user_test user. We have revoke the read grants from the user_test user.
Example:
use test_bak
db.revokeRolesFromUser("user_test",
[ { role: "read", db: "test_bak" }
])
4.5 (4,805 ratings)
View Course
2. Grant Privileges to Role
- We can provide grants to role or existing user by using db.grantRolesToUser () method.
- In the below example, we have grantprivileges to user_test user. We have provided readrole on test_bak database to user_test user.
Example:
use test_bak
db.grantRolesToUser(
"user_test",
[
{ role: "read", db: "test_bak" }
]
)
6. View user role
- We can check the user role by using the db.getUser method in MongoDB. We have to check all the details of user_test user.
- We have to use the database name before using the method of db.getUser in MongoDB
Example:
use test_bak;
db.getUser("user_test")
7. Create User and Provide Read Write Grant to The User
- In the below example, we have created a user name as user_test3 and provide the role as read and write on the database.
- We have provided read and write role on test_bak and test_bak1 database.
Example:
db.createUser(
{
user: "uset_test3",
pwd: "password",
roles: [
{ role: "read", db: "test_bak" },
{ role: "read", db: "test_bak1" },
{ role: "readWrite", db: "test_bak" },
{ role: "readWrite", db: "test_bak1" }
]
}
)
Recommended Articles
This is a guide to MongoDB Users. Here we also discuss the definition and MongoDB users operations and roles along with different examples and its code implementation. You may also have a look at the following articles to learn more –