Securing MongoDB User Administration

The db. createUser ( user , writeConcern ) method used to create users.We need to provide the username, password and roles

The definition of createUser as follows

{ user: "<name>", pwd: "password>", customData: { <User Tag> }, roles: [ { role: "<role>", db: "<database>" }, { role: "<role>", db: "<database>"}, ... ] } Role

Role is an approach to restricting system/DB access to authorized users.The security hierarchy is similar to various DB technologies. There are various roles are

Database User Roles read readWrite Database Administration Roles dbAdmin dbOwner userAdmin Cluster Administration Roles clusterAdmin clusterManager clusterMonitor hostManager

Backup and Restoration Roles

backup restore All-Database Roles readAnyDatabase readWriteAnyDatabase userAdminAnyDatabase dbAdminAnyDatabase Superuser Roles root Internal Role system

The Roles are a self explanatory. For further reading, read the following MongoDB reference manual Roles

Create User db.createUser( { user: "reportUser", pwd: "12345678", roles: [ {role: "read", db :"northwind"}, {role: "readWrite", db: "records"}, {role: "backup", db: "admin"}, {role:"clusterAdmin", db: "admin"}, {role:"readAnyDatabase", db: "admin"} ] } ) Identify the user roles by using db.getUser() db.getUser("reportUser")

Change Password >db.changeUserPassword("reportUser","!@#$1234Mongo") Drop a user from mongodb using the db.dropUser() >db.dropUser("reportUser") Revoke a role from the user using revokeRolesFromUser() >db.revokRolesFromUser( "reportUser", [ {role: "readWrite", db:" northwind"}, {role: "backup", db: "admin"} ] )