Over a million developers have joined DZone.

MongoDB, Users and Permissions

· Database Zone

Check out the IT Market Clock report for recommendations on how to consolidate and replace legacy databases. Brought to you in partnership with MariaDB.

NoSQL and Enterprise Security?
That is not the first thing that comes to mind when you consider using NoSQL. It is not a big surprise as the early adapters of NoSQL were Internet companies.
An evident for that you can find in MongoDB, where authentication is dimmed by default.
How to Enable MongoDB Authentication?
  1. Create an Admin user (otherwise you will have issues to connect your server) from the local console:
    1. use admin;
    2. db.addUser({ user: "", pwd: "", roles: [ "userAdminAnyDatabase" ]})
  2. Enable authentication in the /etc/mongo.conf: auth=true
  3. Restart the mongod instance to enable authentication.
How to Add Additional users?
Select the database that you want to add user to:
use
db.addUser( { user: "", pwd: "", roles: [ "", ""]})
And select the a user role from the following permissions list:
How to Provide Permissions to Other Databases?
This one is done with a "copy" like method, where userSource defines the database that the user definition should be copied from:
use
db.addUser( { user: "", userSource: "", roles: [ "" ] } )
In case you want to provide read permissions to all databases you may use the readAnyDatabases
Bottom Line
Not very complex, but more secure. 

Interested in reducing database costs by moving from Oracle Enterprise to open source subscription?  Read the total cost of ownership (TCO) analysis. Brought to you in partnership with MariaDB.

Topics:

Opinions expressed by DZone contributors are their own.

The best of DZone straight to your inbox.

SEE AN EXAMPLE
Please provide a valid email address.

Thanks for subscribing!

Awesome! Check your inbox to verify your email so you can start receiving the latest in tech news and resources.
Subscribe

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}