Overview

Users and roles in Mongo are defined per database. This means that if you want to create a user in a certain database, you have to use that database as follows:

Enable Authentication

Authentication is disabled by default, but you can enable it in the configuration file. Again depending on the version:

security:
  authorization: "enabled"

User Management

Like any other database we can:

Create User

A user can be created as follows:

>use hunter_dev    <- Database to which this user will be authenticated
switched to db hunter_dev

> db.createUser(
... {
...         "user" : "test",
...        pwd: "test",
...         "roles" : [
...                 {
...                         "role" : "dbOwner",
...                         "db" : "hunter_dev"
...                 }
...         ]
... }
... )
Successfully added user: {
        "user" : "test",
        "roles" : [
                {
                        "role" : "dbOwner",
                        "db" : "hunter_dev"
                }
        ]
}
>

This command creates a user called test in the database hunter_dev (the user will be authenticated by this database) and makes it the owner of that database.

If you want a user with DBA owner privileges, you can use the following script:

db.createUser(
 {
       "user" : "julien",
       pwd: "password",
        "roles" : [
                {
                        "role" : "userAdminAnyDatabase",
                        "db" : "admin"
                },
                {
                        "role" : "root",
                        "db" : "admin"
                },
                {
                        "role" : "dbOwner",
                        "db" : "admin"
                },
                {
                        "role" : "userAdmin",
                        "db" : "admin"
                }
        ]
}
)

You can select all users from the admin database, where they are stored in the system.users collection, by dumping its collections as follows:

use admin;
> var collections = db.getCollectionNames();
> for(var i = 0; i< collections.length; i++) {
...    print('Collection: ' + collections[i]); // print the name of each collection
...    db.getCollection(collections[i]).find().forEach(printjson); // and then print the JSON of each of its elements
... }
Collection: system.indexes
{
        "v" : 1,
..............


Or, if you know the username, you can also use:

> db.getUser("adminDBA");
{
        "_id" : "admin.adminDBA",
        "user" : "adminDBA",
        "db" : "admin",
        "roles" : [
                {
                        "role" : "userAdminAnyDatabase",
                        "db" : "admin"
                },
                {
                        "role" : "root",
                        "db" : "admin"
                },
                {
                        "role" : "dbOwner",
                        "db" : "admin"
                },
                {
                        "role" : "userAdmin",
                        "db" : "admin"
                }
        ]
}

Another way to see all the users authenticated to a certain database is to use the show users command as follows:

> use admin <- Database Name to which users will be authenticated, each DB can have different users
switched to db admin
> show users
{
        "_id" : "admin.adminDBA",
        "user" : "adminDBA",
        "db" : "admin",
        "roles" : [
                {
                        "role" : "userAdminAnyDatabase",
                        "db" : "admin"
                },
                {
                        "role" : "root",
                        "db" : "admin"
                },
                {
                        "role" : "dbOwner",
                        "db" : "admin"
                },
                {
                        "role" : "userAdmin",
                        "db" : "admin"
                }
        ]
}
>

Reset password

Password reset depends on the version:

For Mongo <3.X

> db.changeUserPassword("app_user", "new password")
>

For Mongo >=3.X

> db.updateUser("adminDBA", {pwd: "password123" })
>

In order to authenticate yourself you can:

Login with username and password


Authenticate once connected

[root@localhost ~]# mongo
MongoDB shell version: 3.0.15
connecting to: test
> use admin
switched to db admin
> db.auth("adminDBA","password123")
1
>
> show dbs
ExampleDB  0.078GB
admin      0.078GB
config     0.078GB
local      2.077GB
test       0.078GB

Roles

Mongo also has some system roles. In a nutshell, a user can be the owner of a database, have readWrite access, and have access to all databases. Roles are set during user creation:

                {
                        "role" : "userAdminAnyDatabase",
                        "db" : "admin"
                },
                {
                        "role" : "root",
                        "db" : "admin"
                },
                {
                        "role" : "dbOwner",
                        "db" : "admin"
                },
                {
                        "role" : "userAdmin",
                        "db" : "admin"
                }

Setting a role in the admin database usually carries higher priority and rights than setting a role in other databases. More information about roles can be found below:

Superuser Roles

Several roles provide either indirect or direct system-wide superuser access.

The following roles provide the ability to assign any user any privilege on any database, which means that users with one of these roles can assign themselves any privilege on any database:
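
A check for the roles described above, as an added example that is not part of the original page: it takes user documents in the shape printed by show users and flags root, userAdminAnyDatabase, and dbOwner or userAdmin when they are scoped to admin. The function names and the sample documents are constructed for illustration; the role names are MongoDB built-in roles.

```javascript
// Added example (not from the original page): audit user documents shaped
// like the `show users` output for superuser-equivalent roles.

// Built-in roles that let the holder grant any privilege to any user.
// "any" = dangerous on every database; "admin" = only when scoped to admin.
var ESCALATION_ROLES = {
  userAdminAnyDatabase: "any",
  userAdmin: "admin",
  dbOwner: "admin"
};

function auditUser(userDoc) {
  var findings = [];
  (userDoc.roles || []).forEach(function (r) {
    if (r.role === "root") {
      findings.push({ role: r.role, db: r.db, reason: "direct superuser" });
    } else if (Object.prototype.hasOwnProperty.call(ESCALATION_ROLES, r.role)) {
      var scope = ESCALATION_ROLES[r.role];
      if (scope === "any" || r.db === scope) {
        findings.push({ role: r.role, db: r.db, reason: "can self-assign any privilege" });
      }
    }
  });
  return { user: userDoc.user, db: userDoc.db, findings: findings };
}

// Accepts an array of user documents, or an object that wraps it in `users`.
function auditUsers(input) {
  var list = Array.isArray(input) ? input : (input.users || []);
  return list.map(auditUser).filter(function (res) { return res.findings.length > 0; });
}

// Constructed sample input modelled on the two users shown on this page.
var SAMPLE_USERS = [
  { _id: "admin.adminDBA", user: "adminDBA", db: "admin", roles: [
    { role: "userAdminAnyDatabase", db: "admin" }, { role: "root", db: "admin" },
    { role: "dbOwner", db: "admin" }, { role: "userAdmin", db: "admin" } ] },
  { _id: "hunter_dev.test", user: "test", db: "hunter_dev", roles: [
    { role: "dbOwner", db: "hunter_dev" } ] }
];

auditUsers(SAMPLE_USERS).forEach(function (res) {
  console.log(res.db + "." + res.user + ": " + res.findings.map(function (f) {
    return f.role + "@" + f.db + " (" + f.reason + ")";
  }).join(", "));
});
```

The test user is not flagged because its dbOwner role is scoped to hunter_dev; the same role on admin would be.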

Upgrade authentication schema

In order to upgrade the authentication schema, the following requirements are needed:

If these two requirements are met, you can perform the following command from that user:

[root@localhost ~]# mongo
MongoDB shell version: 3.0.15
connecting to: test
> use admin
switched to db admin
> db.auth("adminDBA","password123")
1
>
> show dbs
ExampleDB  0.078GB
admin      0.078GB
config     0.078GB
local      2.077GB
test       0.078GB
> db.adminCommand({authSchemaUpgrade: 1});
{ "done" : true, "ok" : 1 }   <- All is fine