Scroll on mongodb does not work

Asked

Viewed 39 times

0

created 2 db and a user for each, but the user 2 can enter data in the database 1, what I am doing wrong

use shop
db.createUser({user: "appdev",pwd:"appdev", roles:["readWrite"]})
db.auth("appdev","appdev")
show collections
db.products.insertOne({name: "A book for appdev"})

db.logout()

use shop2
db.createUser({user: "appdev2",pwd:"appdev2", roles:["readWrite"]})
db.auth("appdev2","appdev2")
show collections
db.products.insertOne({name: "A book for appdev2"})

Still logged in as appdev2, I enter db shop (which belongs to appdev) and still can insert

use shop
db.products.insertOne({name:"i-am-appdev2"})
{
    "acknowledged" : true,
    "insertedId" : ObjectId("5d8fdba878f7555a2060f1ec")
}

'Cause I can still insert data into a Collection that’s not allowed?

  • You’re using the builtin roll readWrite it provides all read privileges, plus the ability to modify data in all the collections not belonging to the system and in the collection system.js to achieve your goal you must set your own roles.

  • 1

    @Augustovasques I believe that this does not apply to version 4.2, because I have not changed the permissions and just configured the file /etc/mongod.conf and I had the expected result that is not to insert or read dbs Collections that Voce is not authorized, if what Voce is saying does not make sense

1 answer

2

I found the answer in stackoverflow in English.

I am using the version of mongodb 4.2, you have to configure in the /etc/mongod.conf

security:
  authorization: enabled

Browser other questions tagged

You are not signed in. Login or sign up in order to post.