MongoDB User
Required Access
You must have the createUser action on a database to create a new user on that database.
You must have the grantRole action on a role’s database to grant the role to another user.
If you have the userAdmin or userAdminAnyDatabase role, you have those actions.
Config file
/etc/mongod.conf, /usr/local/etc/mongod.conf (brew)
User operations
Before running these operations, you need to start mongod.
Access mongo
mongod
How to show system users
db.system.users.find()
Create an admin user for all databases
mongo
use admin
db.createUser( { user: 'yoona', pwd: "snsd", roles: [ { role: "userAdminAnyDatabase", db: "admin" } ] })
Check
db.system.users.find()
{ "_id" : "admin.yoona", "user" : "yoona", "db" : "admin", "credentials" : { "MONGODB-CR" : "194be003b1776b5e6d0fce9860dab6aa" }, "roles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" } ] }
Access
mongo --port 27017 -u yoona -p snsd --authenticationDatabase admin
Specific database admin
use mydb
db.createUser( { user: 'tktk', pwd: "12345", roles: [ { role: "userAdmin", db: "mydb" } ] })
Root user
use admin
db.createUser( { user: "username", pwd: "password", roles: [ "root" ] } )
Check permission
db.auth("tktk","12345") // returns 1
db.auth("use", "password")
If the user doesn’t have permission
Error: 18 { ok: 0.0, errmsg: "auth failed", code: 18 }
0
Create a user with permissions on several databases
use reporting
db.createUser( { user: "reportsUser", pwd: "12345678", roles: [ { role: "read", db: "reporting" }, { role: "read", db: "products" }, { role: "read", db: "sales" }, { role: "readWrite", db: "accounts" } ] } )
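Added example (not part of the original notes): a small audit over user documents shaped like the db.system.users.find() output above. It flags roles that can create users or grant roles, grants outside the user's authentication database, and the legacy MONGODB-CR credential type (removed in MongoDB 4.0). The function names, finding labels, role list and sample documents are assumptions made for this example.

```javascript
// Built-in roles that include user administration (chosen for this example).
const ADMIN_ROLES = new Set(["root", "userAdmin", "userAdminAnyDatabase", "dbOwner"]);

// Return a list of finding strings for one user document.
function auditUser(doc) {
  const findings = [];
  const roles = Array.isArray(doc.roles) ? doc.roles : [];
  for (const r of roles) {
    // createUser accepts "root" or { role, db }; a bare string applies to the user's own db.
    const role = typeof r === "string" ? r : r.role;
    const db = typeof r === "string" ? doc.db : r.db;
    if (ADMIN_ROLES.has(role)) findings.push(`admin-role:${role}@${db}`);
    else if (db !== doc.db) findings.push(`cross-db:${role}@${db}`);
  }
  const mechanisms = Object.keys(doc.credentials || {});
  if (mechanisms.includes("MONGODB-CR")) findings.push("legacy-credential:MONGODB-CR");
  if (roles.length === 0) findings.push("no-roles");
  return findings;
}

// Map of user _id -> findings, omitting users with nothing to report.
function auditUsers(docs) {
  const report = {};
  for (const doc of docs) {
    const findings = auditUser(doc);
    if (findings.length > 0) report[doc._id] = findings;
  }
  return report;
}

// Constructed sample documents; credential values are placeholders, not real hashes.
const SAMPLE_USERS = [
  { _id: "admin.yoona", user: "yoona", db: "admin",
    credentials: { "MONGODB-CR": "<placeholder>" },
    roles: [{ role: "userAdminAnyDatabase", db: "admin" }] },
  { _id: "reporting.reportsUser", user: "reportsUser", db: "reporting",
    credentials: { "SCRAM-SHA-1": {} },
    roles: [{ role: "read", db: "reporting" }, { role: "read", db: "products" },
            { role: "read", db: "sales" }, { role: "readWrite", db: "accounts" }] },
  { _id: "mydb.appReader", user: "appReader", db: "mydb",
    credentials: { "SCRAM-SHA-1": {} },
    roles: [{ role: "read", db: "mydb" }] },
];

console.log(JSON.stringify(auditUsers(SAMPLE_USERS), null, 2));
```

In the mongo shell the same functions can be fed live data with auditUsers(db.getSiblingDB("admin").system.users.find().toArray()).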
Delete user
Delete system user
use databasename
db.system.users.remove({user: "username"})
databasename is the database name
username is the user name
Delete user (dropUser)
use mydb
db.dropUser("tktk")
mydb is the database name
tktk is the username