Creating and changing users and permissions

Question

Creating and changing users and permissions

Asked 7 years, 6 months ago

Viewed 2,250 times

0

I have run mongod with the default setting, ie I have not set nor the path, nor the door, nor activated the access control.

C:\Program Files\MongoDB\Server\3.4\bin>mongod

Trying "more advanced things", I wanted to create the user admin and use this to create other users (as the documentation indicates). But I’m having a lot of difficulty yet, many commands return with the following (or something close):

not authorized on admin to execute command

The user admin was created as follows:

use admin
db.createUser(
  {
    user: "myUserAdmin",
    pwd: "abc123",
    roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
  }
)

But it seems to only have authorization to create other users.

I’d like to know:
How to create a user and give basic access to a database

Updating a user’s permissions

How to delete a user

In the simplest way and Straightforward possible! :)

The intention is to run mongodb with access control:

mongod --auth

in the roles, try: roles: [ { role: "root", db: "admin" } ]

– Francisco

2017/05/17 at 22:33

1 answer

Browser other questions tagged mongodb

You are not signed in. Login or sign up in order to post.

by Jorge C. Bernhard Tautz • **429** points · Answer 1 · 2017-05-19T11:43:20+00:00

About the writeConcern parameter: Before talking about the commands I will leave here a description of the object writeConcern, which is an optional parameter of all commands below. It indicates how the database will behave/confirm during the execution of the command. There are three possible attributes within it:

w - How many instances you want to confirm the operation. The option Majority requests that most voting nodes confirm the operation. More information here.
j - Requests confirmation that the nodes have written the data on Journal. More information here.
wtimeout - Specifies a limit, in milliseconds, to wait for confirmation. More information here.

Create user and give basic access to a bank: Considering basic permissions as ability to write and read, user creation Joao at the bank test would look like this:

use teste
db.createUser(
  {
    user: "joao",
    pwd: "abc123",
    roles: [ { role: "readWrite", db: "teste" } ]
  } 
  ,
  {
    w: "majority"
   ,wtimeout: 5000
  }
)

You can create the user in any bank, it does not limit that it has permissions only in that bank. You can for example create two users with the same name in different banks, with different permissions. When accessing he must decide against which bank he is authenticating.

Update permissions: There are two commands to modify permissions:

Add user administration permission to the test user Joao that I created before: db.grantRolesToUser( "joao", [ "userAdminAnyDatabase" ], {w: "majority", wtimeout: 5000})
Remove user administration permission from Joao: db.revokeRolesFromUser( "joao", [ "userAdminAnyDatabase" ], {w: "majority", wtimeout: 5000}).

There are pre-defined roles, which are listed here.

Delete a user: you can use the command db.dropUser(usuario, writeConcern). The first parameter is the user login, the second is the object I explained at the beginning of the reply. Below is an example to exclude the user Joao bank test:

use teste
db.dropUser("joao", {w: "majority", wtimeout: 5000})