For any database whether it is RDBMS or NoSQL, the user account is a very important aspect and is a must to connect to a database
There are different types of users depending on usage like, admin user account, read-only account, read write only.
Users can be created or added to the database using db.createUser() method available with MongoDB
The db.createUser() method accepts a document object that enables you to specify the username, roles and password for user to be created
Definition of db.createUser() method
db.createUser(user, writeConcern)
The user document has the following fields
There are different types of users depending on usage like, admin user account, read-only account, read write only.
Users can be created or added to the database using db.createUser() method available with MongoDB
The db.createUser() method accepts a document object that enables you to specify the username, roles and password for user to be created
Definition of db.createUser() method
db.createUser(user, writeConcern)
Field
|
Type
|
Description
|
User
|
Document
|
The document with authentication and access information about user
|
writeConcern
|
Document
|
Optional, the level of writeConcern for creation operation
|
The user document has the following fields
Field
|
Type
|
Description
|
user
|
String
|
The name of the new user
|
pwd
|
String
|
The user password
|
customData
|
Document
|
Optional, any information about user
|
roles
|
Array
|
This defines roles, The roles granted to a user can be an empty array[] to
create a user without any roles
|
AuthenticationRestrictions
|
Array
|
Optional, the authentication restrictions the server enforces on the user. Specifies a list of IP addresses and CIDR ranges from which user will
be able to connect
|
Mechanisms
|
Array
|
Optional, specify the specific SCRAM mechanism for creating SCRAM
user creation
|
passwordDigester
|
string
|
Optional, Indicates whether the server or the client digest the
password
|
Roles
In the role field, you can specify the build-in roles and user-defined roles. You can specify directly role name or in the form of a document as well
i.e.
"readWrite" or {role : ""
: db ""}
External Credentials
Users created on $external database should have credentials stored externally to MongoDB
Local database
user can not be created on local database
Examples
Create account with roles assigned
> db.createUser({ user :
"tech_owner",
...
pwd : "techo!23",
...
customData : {user : "blogUser"},
...
roles :[{role: "clusterAdmin",
...
db : "admin" },
...
"readWrite"]}
...
);
Successfully
added user: {
"user" : "tech_owner",
"customData" : {
"user" :
"blogUser"
},
"roles" : [
{
"role" : "clusterAdmin",
"db" : "admin"
},
"readWrite"
]
}
>
Create an account with roles
>
db.createUser({ user : "tech_user",
...
pwd : "techo!23",
...
roles :["readWrite", "dbAdmin"]}
...
);
Successfully
added user: { "user" : "tech_user", "roles" : [
"readWrite", "dbAdmin" ] }
>
>
Create
user without any roles
>
db.createUser({ user : "tech_wo_roles",
...
pwd : "techo!23",
...
roles :[]
... }
...
);
Successfully
added user: { "user" : "tech_wo_roles", "roles" :
[ ] }
>
>
Listing
users created
>
db.getUsers();
[
{
"_id" :
"techno_db.tech_owner",
"user" :
"tech_owner",
"db" :
"techno_db",
"customData" : {
"user" : "blogUser"
},
"roles" : [
{
"role" : "clusterAdmin",
"db" : "admin"
},
{
"role" : "readWrite",
"db" : "techno_db"
}
],
"mechanisms" : [
"SCRAM-SHA-1"
]
},
{
"_id" :
"techno_db.tech_user",
"user" :
"tech_user",
"db" :
"techno_db",
"roles" : [
{
"role" : "readWrite",
"db" : "techno_db"
},
{
"role" : "dbAdmin",
"db" : "techno_db"
}
],
"mechanisms" : [
"SCRAM-SHA-1"
]
},
{
"_id" :
"techno_db.tech_wo_roles",
"user" :
"tech_wo_roles",
"db" :
"techno_db",
"roles" : [ ],
"mechanisms" : [
"SCRAM-SHA-1"
]
}
]
>
>
Removing/Dropping User in MongoDB
First list the users using db.getUsers() method and decide which one to drop
then use db.dropUser() method to drop user, this dropUser() method takes username as argument
We will drop tech_wo_roles user
>
db.dropUser("tech_wo_roles");
true
>
If you want to drop all the users if you can user db.dropAllUsers() method.
More will come on MongoDB. follow this space for more and explore more.