

Overview

Users and roles in MongoDB are defined per database. To create a user in a particular database, switch to that database first and then create the user as follows:

> // hunter_dev is the database against which this user will be authenticated
> use hunter_dev
switched to db hunter_dev

> db.createUser(
... {
...         "user" : "test",
...         "pwd" : "test",
...         "roles" : [
...                 {
...                         "role" : "dbOwner",
...                         "db" : "hunter_dev"
...                 }
...         ]
... }
... )
Successfully added user: {
        "user" : "test",
        "roles" : [
                {
                        "role" : "dbOwner",
                        "db" : "hunter_dev"
                }
        ]
}
>

This command creates a user called test in the database hunter_dev (the user is authenticated against this database) and makes it the owner of that database. You can list all users by reading the system.users collection; the loop below prints every collection in the admin database, including system.users:

> use admin
> var collections = db.getCollectionNames();
> for (var i = 0; i < collections.length; i++) {
...    print('Collection: ' + collections[i]); // print the name of each collection
...    db.getCollection(collections[i]).find().forEach(printjson); // then print the JSON of each of its documents
... }
Collection: system.indexes
{
        "v" : 1,
..............


Or, if you know the username, you can also use db.getUser():

> db.getUser("adminDBA");
{
        "_id" : "admin.adminDBA",
        "user" : "adminDBA",
        "db" : "admin",
        "roles" : [
                {
                        "role" : "userAdminAnyDatabase",
                        "db" : "admin"
                },
                {
                        "role" : "root",
                        "db" : "admin"
                },
                {
                        "role" : "dbOwner",
                        "db" : "admin"
                },
                {
                        "role" : "userAdmin",
                        "db" : "admin"
                }
        ]
}

Another way to see all the users authenticated against a certain database is the show users command:

> // admin is the database against which the listed users are authenticated; each database can have different users
> use admin
switched to db admin
> show users
{
        "_id" : "admin.adminDBA",
        "user" : "adminDBA",
        "db" : "admin",
        "roles" : [
                {
                        "role" : "userAdminAnyDatabase",
                        "db" : "admin"
                },
                {
                        "role" : "root",
                        "db" : "admin"
                },
                {
                        "role" : "dbOwner",
                        "db" : "admin"
                },
                {
                        "role" : "userAdmin",
                        "db" : "admin"
                }
        ]
}
>

MongoDB also has some system roles. In a nutshell, a user can be the owner of a database, have read/write access, and have access to all databases. Roles are set during user creation:

                {
                        "role" : "userAdminAnyDatabase",
                        "db" : "admin"
                },
                {
                        "role" : "root",
                        "db" : "admin"
                },
                {
                        "role" : "dbOwner",
                        "db" : "admin"
                },
                {
                        "role" : "userAdmin",
                        "db" : "admin"
                }

Setting a role in the admin database usually carries higher priority and more rights than setting a role in other databases. More information about roles is given below:

Several roles provide either indirect or direct system-wide superuser access.

The following roles provide the ability to assign any user any privilege on any database, which means that users with one of these roles can assign themselves any privilege on any database:

  • dbOwner role, when scoped to the admin database
  • userAdmin role, when scoped to the admin database
  • userAdminAnyDatabase role
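
An added example (not part of the original page and not MongoDB's own tooling): a JavaScript check that takes user documents shaped like the show users output above and reports every account holding one of the superuser-equivalent roles just listed. The sample documents are constructed, the svc account and the function names are hypothetical, and root is included as MongoDB's built-in direct superuser role.

```javascript
// Roles from the list above that let a holder grant themselves any privilege,
// plus root (MongoDB's built-in direct superuser role).
// db: null means the role counts whatever database it is granted on.
const SUPERUSER_ROLES = [
  { role: "dbOwner", db: "admin", access: "indirect" },
  { role: "userAdmin", db: "admin", access: "indirect" },
  { role: "userAdminAnyDatabase", db: null, access: "indirect" },
  { role: "root", db: null, access: "direct" },
];

// Match on the db the role is granted ON, not the db the user authenticates against.
function classifyGrant(grant) {
  const hit = SUPERUSER_ROLES.find(
    (s) => s.role === grant.role && (s.db === null || s.db === grant.db)
  );
  return hit ? hit.access : null;
}

// Returns one finding per user holding at least one superuser-equivalent role.
function auditUsers(users) {
  const findings = [];
  for (const u of users) {
    const hits = (u.roles || [])
      .map((r) => ({ grant: `${r.role}@${r.db}`, access: classifyGrant(r) }))
      .filter((h) => h.access !== null);
    if (hits.length > 0) findings.push({ user: `${u.db}.${u.user}`, hits });
  }
  return findings;
}

// Constructed sample input shaped like the "show users" output on this page.
// "svc" is a hypothetical account: it authenticates against hunter_dev but
// holds userAdmin on admin, so it is superuser-equivalent.
const sampleUsers = [
  { user: "adminDBA", db: "admin", roles: [
    { role: "userAdminAnyDatabase", db: "admin" }, { role: "root", db: "admin" },
    { role: "dbOwner", db: "admin" }, { role: "userAdmin", db: "admin" } ] },
  { user: "test", db: "hunter_dev", roles: [{ role: "dbOwner", db: "hunter_dev" }] },
  { user: "svc", db: "hunter_dev", roles: [{ role: "userAdmin", db: "admin" }] },
];

for (const f of auditUsers(sampleUsers)) {
  console.log(f.user, f.hits.map((h) => `${h.grant} (${h.access})`).join(", "));
}
```

The test user is not reported because its dbOwner role is scoped to hunter_dev, while svc is reported even though it does not authenticate against admin.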

Last modified: 2019/10/18 20:04