Securing MongoDB – User Administration

The db.createUser(user, writeConcern) method used to create users.We need to provide the username, password and roles

The definition of createUser as follows

{ 
user: "<name>",
pwd: "password>",
customData: { <User Tag> },
roles: [
    { role: "<role>", db: "<database>" },
    { role: "<role>", db: "<database>"},    ...
        ]
}

Role

Role is an approach to restricting system/DB access to authorized users.The security hierarchy is similar to various DB technologies. There are various roles are

Database User Roles

  • read
  • readWrite

Database Administration Roles

  • dbAdmin
  • dbOwner
  • userAdmin

Cluster Administration Roles

  • clusterAdmin
  • clusterManager
  • clusterMonitor
  • hostManager

Backup and Restoration Roles

  • backup
  • restore

All-Database Roles

  • readAnyDatabase
  • readWriteAnyDatabase
  • userAdminAnyDatabase
  • dbAdminAnyDatabase

Superuser Roles

  • root

Internal Role

  • –system

The Roles are a self explanatory. For further reading, read the following MongoDB reference manual Roles

Create User

 

db.createUser(
 {
 user: "reportUser",
 pwd: "12345678",
 roles: [
             {role: "read", db :"northwind"},
             {role: "readWrite", db: "records"},
             {role: "backup", db: "admin"},
             {role:"clusterAdmin", db: "admin"},
             {role:"readAnyDatabase", db: "admin"}
         ]
 }
)

 

Identify the user roles by using db.getUser()

db.getUser("reportUser")

CreateUser1

Change Password

>db.changeUserPassword("reportUser","!@#$1234Mongo")

Drop a user from mongodb using the db.dropUser()

>db.dropUser("reportUser")

Revoke a role from the user using revokeRolesFromUser()

>db.revokRolesFromUser(
"reportUser",
[
{role: "readWrite", db:" northwind"},
{role: "backup", db: "admin"}
]
)

CreateUser2.jpg
Advertisements

About Prashanth Jayaram

DB Technologist, Author, Blogger, Operations-Mgr at CTS, Automation Expert, Technet WIKI Ninja, MVB and Powershell Geek You can connect me via https://social.technet.microsoft.com/profile/prashanth jayaram/ http://www.sqlshack.com/author/prashanth/ https://www.tumblr.com/blog/prashantjayaram http://www.sqlservercentral.com/blogs/powersql-by-prashanth-jayaram/ http://www.toadworld.com/members/prashanthjayaram/ My Articles are published in following sites http://www.ssas-info.com/analysis-services-articles/ http://db-pub.com/ http://www.sswug.org/sswugresearch/community/
This entry was posted in MongoDB and tagged , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s