MongoDB/Users: Difference between revisions
From charlesreid1
(Created page with "==Create Users and Enable Authentication== It is a good idea to set up users and user authentication to control access to the data in the database. To create a system-wide m...") |
(→Flags) |
||
| (2 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
{{Main|MongoDB}} | |||
==Create Users and Enable Authentication== | ==Create Users and Enable Authentication== | ||
| Line 28: | Line 30: | ||
Now you can enable client access control. | Now you can enable client access control. | ||
==List Users== | |||
Start up the mongo shell and tell it to use the admin database. Then use the <code>show users</code> command: | |||
<pre> | |||
> use admin | |||
> show users | |||
{ | |||
"_id" : "admin.admin", | |||
"user" : "admin", | |||
"db" : "admin", | |||
"roles" : [ | |||
{ | |||
"role" : "userAdminAnyDatabase", | |||
"db" : "admin" | |||
} | |||
] | |||
} | |||
</pre> | |||
==Drop Users== | |||
To drop users: | |||
<pre> | |||
> db.dropUser('admin') | |||
true | |||
</pre> | |||
==Starting Mongo with Auth On== | ==Starting Mongo with Auth On== | ||
| Line 37: | Line 68: | ||
authorization: enabled | authorization: enabled | ||
</pre> | </pre> | ||
=Flags= | |||
[[Category:MongoDB]] | |||
[[Category:2018]] | |||
[[Category:February 2018]] | |||
Latest revision as of 20:21, 4 November 2018
Create Users and Enable Authentication
It is a good idea to set up users and user authentication to control access to the data in the database.
To create a system-wide mongodb user admin, create a user with the role userAdminAnyDatabase (no other roles!).
Start a mongo shell using the mongo command (run this from localhost, which will not require authentication to begin with, or using --noauth flag):
$ mongo >
Now you will run a few commands to create an admin user.
This creates a user "darthvader" with password "secretpass":
> use admin
> db.createUser(
{
user: "darthvader",
pwd: "secretpass",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
}
)
Now you can enable client access control.
List Users
Start up the mongo shell and tell it to use the admin database. Then use the show users command:
> use admin
> show users
{
"_id" : "admin.admin",
"user" : "admin",
"db" : "admin",
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
}
]
}
Drop Users
To drop users:
> db.dropUser('admin')
true
Starting Mongo with Auth On
As per the mongodb documentation [1], to enable authorization you can either pass --auth when starting mongod or you can set security.authorization in the mongodb config file as follows:
security:
authorization: enabled