MongoDB/Users
From charlesreid1
Contents
Create Users and Enable Authentication
It is a good idea to set up users and user authentication to control access to the data in the database.
To create a system-wide mongodb user admin, create a user with the role userAdminAnyDatabase (no other roles!).
Start a mongo shell using the mongo command (run this from localhost, which will not require authentication to begin with, or using --noauth flag):
$ mongo >
Now you will run a few commands to create an admin user.
This creates a user "darthvader" with password "secretpass":
> use admin > db.createUser( { user: "darthvader", pwd: "secretpass", roles: [ { role: "userAdminAnyDatabase", db: "admin" } ] } )
Now you can enable client access control.
List Users
Start up the mongo shell and tell it to use the admin database. Then use the show users
command:
> use admin > show users { "_id" : "admin.admin", "user" : "admin", "db" : "admin", "roles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" } ] }
Drop Users
To drop users:
> db.dropUser('admin') true
Starting Mongo with Auth On
As per the mongodb documentation [1], to enable authorization you can either pass --auth when starting mongod or you can set security.authorization in the mongodb config file as follows:
security: authorization: enabled