MongoDB/Users: Difference between revisions

Create Users and Enable Authentication

It is a good idea to set up users and user authentication to control access to the data in the database.

To create a system-wide mongodb user admin, create a user with the role userAdminAnyDatabase (no other roles!).

Start a mongo shell using the mongo command (run this from localhost, which will not require authentication to begin with, or using --noauth flag):

$ mongo
> 

Now you will run a few commands to create an admin user.

This creates a user "darthvader" with password "secretpass":

> use admin
> db.createUser(
  {
    user: "darthvader",
    pwd: "secretpass",
    roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
  }
)

Now you can enable client access control.

List Users

Start up the mongo shell and tell it to use the admin database. Then use the show users command:

> use admin
> show users
{
	"_id" : "admin.admin",
	"user" : "admin",
	"db" : "admin",
	"roles" : [
		{
			"role" : "userAdminAnyDatabase",
			"db" : "admin"
		}
	]
}

Drop Users

To drop users:

> db.dropUser('admin')
true

Starting Mongo with Auth On

As per the mongodb documentation [1], to enable authorization you can either pass --auth when starting mongod or you can set security.authorization in the mongodb config file as follows:

security:
    authorization: enabled