I am starting to learn MongoDB.
I can create users connected to the admin database:
use admin
db.createUSer({
user: "username",
pwd: "password",
roles: [{role:"readWrite", db:"dbaseName"}],
} )
Or connected to dabaseName:
use dbaseName
db.createUSer({
user: "username",
pwd: "password",
roles: [{role:"readWrite", db:"dbaseName"}],
} )
What is the difference?
Related
I have 22 databases on a single MongoDB instance. I came across root role of MongoDB authentication. I want to create a single user which can do anything to existing database as well as create new database and manage them fully. I ran the following command but it doesn't allow me to access any database except admin.
use admin
db.createUser(
{
user: "iamroot",
pwd: "<pa$$w0rd>",
roles: [ "root" ]
})
It only stores root role for admin database only. How can I apply root role to all existing database as well as on new database if added? Is there only one way to supply all the DB name in roles array like this to achieve what I want?
use admin
db.createUser(
{
user: "iamroot",
pwd: "<pa$$w0rd>",
roles: [
{ role: "root", db: "db_1" },
{ role: "root", db: "db_2" },
{ role: "root", db: "db_n" },
]
})
You would need to assign root for admin db explicitly I guess.
For me the following worked (am on version: 3.4.23):
use admin
db.createUser(
{
user: "iamroot",
pwd: "<pa$$w0rd>",
roles: [
{ role: "root", db: "admin" }
]
})
I'm using zend 3 framework and mongodb. Connected to mongodb database using mongodb/mongodb library.
How I can add validation in zend and mongodb so that only authenticated users can perform CRUD operation in mongodb using zend rest apis?
From mongo shell I've added authentication to db using below queries which works fine.
use admin;
db.createUser(
{
user: "admin",
pwd: "password",
roles: [ { role: "root", db: "admin" } ]
}
);
mongo --port 27017 -u "admin" -p "password" --authenticationDatabase "admin"
use test;
db.createUser(
{
user: "testUser",
pwd: "password",
roles: [ "readWrite", "dbAdmin" ]
}
);
db.auth("testUser", "password");
Right now In Zend model I'm using following code which works fine without db authentication.
$mongoClient = new \MongoDB\Client();
$collection = $mongoClient->selectDatabase($dbName)->selectCollection($collectionName);
$cursor = $collection->findOne(['_id' => $_id]);
Now how I can pass user credentials to \MongoDB\Client() to authenticate user before executing above query?
You may initialize the client with credentials as follows:
$mongoClient = new \MongoDB\Client('mongodb://username:password#host1:port');
My mongo shell is giving me this error when I am using show dbs command.
not authorized on admin to execute command
I have tried to create a user using
db.createUser(
{
user: "siteUserAdmin",
pwd: "password",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
}
)
as on https://docs.mongodb.com/v2.6/tutorial/add-user-administrator/
But it still gives me the same error:
Could not add user: not authorized on admin to execute command.
I am using Ubuntu 16.04 and mongoDB version is 3.4.9
I think you can use the role as root for Ubuntu. Try the below query.
use admin
db.createUser(
{
user: "admin",
pwd: "password",
roles: [ { role: "root", db: "admin" } ]
}
);
exit;
You can give read write permission to user as well
use admin
db.grantRolesToUser("admin",["readWrite"])
EDIT
Since the above didn't work try to start the instance with auth as below
Stop the mongod instance
Start the instance with $ mongod --auth
Now start mongo shell and create user
use admin
db.createUser(
{
user: "admin",
pwd: "password",
roles: [ { role: "root", db: "admin" } ]
}
);
exit;
Now give permission
db.auth("admin", "password")
db.grantRolesToUser("password", [ { role: "readWrite", db: "admin" } ])
Now check show users
I can't believe that there is no simple example for this. I keep reading different versions everywhere.
mongo --port 27017 -u "admin" -p "mypass" --authenticationDatabase "mydb"
use mydb
db.createUser(
{
user: "normal",
pwd: "anotherpass",
roles: [ { role: "readWriteAnyDatabase", db: "mydb" } ]
}
)
I get:
Error: couldn't add user: No role named readWriteAnyDatabase
From the website:
Changed in version 3.4: Prior to 3.4, readWriteAnyDatabase includes
local and config databases. To provide readWrite privileges on the
local database, create a user in the admin database with readWrite
role in the local database.
If you want the desired output, I believe you just have to go to the admin database use admin and create an user with the following command:
db.createUser(
{
user: "normal",
pwd: "anotherpass",
roles: [ { role: "readWrite", db: "mydb" } ]
}
)
Following users are created in mongodb
first user created with name "user" having read write role for "project" database
use project
db.createUser(
{
user: "user",
pwd: "user123",
roles: [
{ role: "readWrite", db: "project" },
{ role: "readAnyDatabase", db:"admin" }
]
}
)
second user created with name "stud" having read write role for "student" database
use student
db.createUser(
{
user: "stud",
pwd: "stud123",
roles: [
{ role: "readWrite", db: "stud" },
{ role: "readAnyDatabase", db:"admin" }
]
}
)
When I connected to database having name project using "user" I am getting project as well as student database. Also to able to add collection in student database. I havent give any permission to "user" to access student database. Still it is possible to access student database. How to avoid it?