MongoDB Users

Definition of MongoDB User

MongoDB users are used to accessing the database as per specified grants that the user-defined. The user is more important and useful in every database to access the database through the client. In MongoDB, we have to use the db.createUser method to create a new user, when adding any user into the MongoDB database, we can assign a role to the user to privileges. We can also update the user after creating, we can change user name, password, and grant, revoke privileges of the user. After adding a user into the database, we can create a user-specific database.

MongoDB User Operations and Roles

• Access control on the database is more important when we are working with user and roles in MongoDB.
• By default authorization to the database is disabled, we need to enable this using adding authorization in configuration files.
• The below examples show the use of security options in MongoDB.

#Security

Authorization: enabled

cat /etc/mongod.conf

• The authorization setting in MongoDB will enable and disable the role-based access control.
• Below syntax shows that create a user in MongoDB, db.createUser method is used to create a new user in MongoDB.

Syntax:

db.createUser (user_info, Writeconcern)

Parameter:

Below is the parameter description syntax of creating a user in MongoDB.

• Create User: Create user is a method that was used to create a new user in MongoDB. Using create user method, we have to create new users as per operation specified in MongoDB.
• User or user_info: Type of user parameter is a document in creating user method. This parameter will contain the document and authentication of the user. User info contains username and privileges which we have defining for the user.
• Write concern: This is an optional parameter to create a user method in MongoDB. Get last error command takes the same field as write concern in MongoDB.

MongoDB User and Role Operations

• To create a role with authentication restrictions in MongoDB, we must have set authentication restriction on the database which we have using.

1. Create Role in MongoDB to Manage Current Operations

• In the following example, we have created role name as user_test, which is used to run the only db.currentOp () and db.killOp () command.
• For creating any user in MongoDB, we need to connect the mongodb instance.

Example:

use admin
db.createRole (
{
role: "user_test",
privileges: [
{ resource: { cluster: true }, actions: [ "killop", "inprog" ] },
{ resource: { db: "", collection: "" }, actions: [ "killCursors" ] }
],
roles: [] })

• To create a user in MongoDB, we need to use the admin database first and then create a user name as user_test.

2. Create User to Run Mongostat Command

• In the below example, we have to create a role name as user_test1, which is used to provide the privileges that run only a command name as mongostat.

Example:

use admin
db.createRole(
{
role: "user_test1",
privileges: [
{ resource: { cluster: true }, actions: [ "serverStatus" ] }
],
roles: [] }
)

3. Create User and Provide Privileges to Drop System Views in Collection Across Databases

• In the below example, we have created a user name as user_test2 and provided permission to drop the system view collection.

Example:

use admin
db.createRole(
{
role: "user_test2",
privileges: [
{
actions: [ "dropCollection" ],
resource: { db: "", collection: "system.views" }
}
],
roles: [] }
)

4. Change user Password in MongoDB

• We can change the password of the existing user by using the change user password method in MongoDB.
• We have changing user_test user password as “user”. We need to pass the user’s current username and password to change the user’s password in MongoDB.
• We need to specify the user name when we want to change the user password in MongoDB.

use test_bak;
db.changeUserPassword ("user_test", "user")

• To modify the password of any or existing user, we need to use the change user password method in MongoDB.

5. Modify the user access in MongoDB

• We can modify the access of the existing or any user in MongoDB. We can give access and revoke the privileges of an existing user.
• Below is the access which was available in MongoDB.
  • Revoke grants from the role.
  • Grant privileges to role.

1. Revoke a Grants from Role

• We can revoke the role of the existing user by using db.revokeRolesFromUser () method.
• In the below example, we have revoked the grant of user_test user. We have revoked the read grants from the user_test user.

Example:

use test_bak
db.revokeRolesFromUser("user_test",
[ { role: "read", db: "test_bak" }
])

2. Grant Privileges to Role

• We can provide grants to the role or existing user by using db.grantRolesToUser () method.
• In the below example, we have grantprivileges to user_test user. We have provided readrole on test_bak database to user_test user.

Example:

use test_bak
db.grantRolesToUser(
"user_test",
[
{ role: "read", db: "test_bak" }
] )

6. View user role

• We can check the user role by using the db.getUser method in MongoDB. We have to check all the details of user_test user.
• We have to use the database name before using the method of db.getUser in MongoDB.

Example:

use test_bak;
db.getUser("user_test")

7. Create User and Provide Read Write Grant to The User

• In the below example, we have created a user name as user_test3 and can read and write on the database.
• We have provided read and write role on test_bak and test_bak1 database.

Example:

db.createUser(
{
user: "uset_test3",
pwd: "password",
roles: [
{ role: "read", db: "test_bak" },
{ role: "read", db: "test_bak1" },
{ role: "readWrite", db: "test_bak" },
{ role: "readWrite", db: "test_bak1" }
] }
)

Recommended Articles

This is a guide to MongoDB Users. Here we also discuss the definition and MongoDB users operations and roles along with different examples and its code implementation. You may also have a look at the following articles to learn more –

1. MongoDB count
2. MongoDB Geospatial
3. MongoDB Delete
4. MongoDB Array