Differences

This shows you the differences between two versions of the page.

--- mongo_usrs_roles [2018/03/22 09:21] – external edit 127.0.0.1
+++ mongo_usrs_roles [2019/10/18 20:04] (current) – external edit 127.0.0.1
@@ Line 3: / Line 3: @@
-=====User=====
+=====Enable Authentication=====
+Authentication is disabled by default, but you can enable it in the configuration file. Again depending on the version:
+  * Less then 3.X: Add the "auth" parameter
+  * Higher than 3.X: Add the following paramer:
+<sxh bash>
+security:
+  authorization: "enabled"
+</sxh>
+=====User Management=====
+Like any other database we can:
+  * Create user
+  * Delete user
+  * Reset password
+  * Assign roles to user
+====Create User====
 User can be created as follows:
@@ Line 36: / Line 56: @@
 This command will create user called test in database hunter_dev(it will be authenticated by this database) and owner of the database.
+If you want a user with a DBA owner privileges you can use the following script:
+<sxh bash>
+db.createUser(
+ {
+       "user" : "julien",
+       pwd: "password",
+        "roles" : [
+                {
+                        "role" : "userAdminAnyDatabase",
+                        "db" : "admin"
+                },
+                {
+                        "role" : "root",
+                        "db" : "admin"
+                },
+                {
+                        "role" : "dbOwner",
+                        "db" : "admin"
+                },
+                {
+                        "role" : "userAdmin",
+                        "db" : "admin"
+                }
+        ]
+}
+)
+</sxh>
 You can select all users from the database and collection: system.users as follows:
@@ Line 55: / Line 105: @@
 Or if you know the username you can also user:
 <sxh bash>
@@ Line 87: / Line 136: @@
 Other way to see all the users authenticated to a certain database is to use the following command: Show users as follows:
 <sxh bash>
@@ Line 118: / Line 166: @@
 >
 </sxh>
-=====Roles=====
+====Reset password====
+Password reset depends on the version:
+===For Mongo <3.X===
+<sxh bash>
+> db.changeUserPassword("app_user", "new password")
+>
+</sxh>
+===For Mongo >=3.X===
+<sxh bash>
+> db.updateUser("adminDBA", {pwd: "password123" })
+>
+</sxh>
+In order to authenticate yourself you can:
+===Login with username and password===
+<sxh bash>
+</sxh>
+===Authenticate once connected===
+<sxh bash>
+[root@localhost ~]# mongo
+MongoDB shell version: 3.0.15
+connecting to: test
+> use admin
+switched to db admin
+> db.auth("adminDBA","password123")
+
+>
+> show dbs
+ExampleDB  0.078GB
+admin      0.078GB
+config     0.078GB
+local      2.077GB
+test       0.078GB
+</sxh>
+====Roles====
 Mongo has also some system roles. In nutshell, a user can be owned of a database, have readwrite accesses and have access to all databases. Roles are set during user creation:
@@ Line 154: / Line 244: @@
   * userAdmin role, when scoped to the admin database
   * userAdminAnyDatabase role
+=====Upgrade authentication schema=====
+In order to upgreade the authentication schema, the following requirements are needed:
+  * Server is at least 3.4 and less than 4.0
+  * There is a user with the "userAdminAnyDatabase" role in the admin database
+If these two requirments are met, you can perform the following command from that user:
+<sxh bash>
+[root@localhost ~]# mongo
+MongoDB shell version: 3.0.15
+connecting to: test
+> use admin
+switched to db admin
+> db.auth("adminDBA","password123")
+>
+> show dbs
+ExampleDB  0.078GB
+admin      0.078GB
+config     0.078GB
+local      2.077GB
+test       0.078GB
+> db.adminCommand({authSchemaUpgrade: 1});
+{ "done" : true, "ok" : 1 }   <- All is fine
+</sxh>