How can I fix the situation where I can not add a password?
db.createUser({user:'root',pwd:'hello!0.', roles:[{role:'userAdminAnyDatabase', db:'admin'}]})
Successfully added user: {
"user" : "root",
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
}
]
}`
Mongodb defaults without permission access so you need to open access access auth = ture
Related
With MongoDB Compass is it possible to see users for a database or create new ones?
Ive managed it on the command line with:
mongo
use (my database name)
db.createUser( { user: "myuser", pwd: "password", roles: ["readWrite"] })
However I would still much prefer a GUI to do this.
No, it isn't (at least until version 1.20.4 of Compass)
If you're trying to create a new DB with a user that "owns" that DB (i.e. has read/write and admin commands for that DB), here's how to do that using only MongoDB Compass:
Open up MongoDB Compass and connect with your admin user.
Create a new DB with the "+" button at bottom of the DB list.
Click the MONGOSH shelf/tab at the bottom of the screen and paste this:
use NAME_OF_NEW_DB
db.createUser(
{
user: "NAME_OF_NEW_USER",
pwd: "NEW_USER_PASSWORD",
roles: [ { role: "dbOwner", db: "NAME_OF_NEW_DB" } ]
}
)
Other roles are explained in the MongoDB docs.
If I run a command in CLI after made up a user. I can see that by using this command.
db.system.users.find().pretty()
{
"_id" : "admin.admin",
"userId" : UUID("****"),
"user" : "admin",
"db" : "admin",
"credentials" : {
"SCRAM-SHA-1" : {
"iterationCount" : 10000,
"salt" : "***",
"storedKey" : "***",
"serverKey" : "***"
},
"SCRAM-SHA-256" : {
"iterationCount" : 15000,
"salt" : "***",
"storedKey" : "***",
"serverKey" : "***"
}
},
"roles" : [
{
"role" : "root",
"db" : "admin"
}
]
But I can't see the 'system.users' collection in the Compass client.
I think, the Compass does not support this the listing and creating user features.
But, if you use other client (eg. TablePlus), You can see those hidden documents
I added an 'admin' user in the admin db, with roles on admin db and another db :
[admin] user: yves>db.auth("isabelle", "abc123")
1
[admin] user: isabelle>db.getUser("isabelle")
{
"_id" : "admin.isabelle",
"user" : "isabelle",
"db" : "admin",
"roles" : [
{
"role" : "userAdmin",
"db" : "admin"
},
{
"role" : "dbOwner",
"db" : "cockpit"
}
]
}
I am testing that this user cannot admin the 'test' database ( updating a tester user email )
[admin] user: isabelle>use test
switched to db test
[test] user: isabelle>db.updateUser(
... "myTester",
... {
... customData: {email: "mytester#example.com"}
... }
... )
As 'isabelle' has no roles on 'test' db , she should not be allowed to update any user on this db ... (?)
but it is ...
[test] user: isabelle>db.getUser("myTester")
{
"_id" : "test.myTester",
"user" : "myTester",
"db" : "test",
"roles" : [
{
"role" : "readWrite",
"db" : "test"
},
{
"role" : "read",
"db" : "reporting"
}
],
"customData" : {
"email" : "mytester#example.com"
}
}
what am I missing ?
do the isabelle' role 'userAdmin' on 'admin' db allow it ?
I tried to remove it, but it deosn(t change anything ...
I also tried to move isabelle in the cockpit database, with dbOwner role, it doesn't change anything... isabelle is still able to update myTester user in the test database...
how can I restrict isabelle to admin only the 'cockpit' db ( managing users and roles for this db ..?
thanks for enlightment ...
Add to your mongod.conf
security:
authorization: enabled
Also check this mongodb link.
I tried adding a 'root' superuser in admin but he can't do anything.
> show users
{
"_id" : "admin.superuser",
"user" : "superuser",
"db" : "admin",
"roles" : [
{
"role" : "root",
"db" : "admin"
}
]
}
I would like to create admins, users databases, remove, add, edit etc. everything. I know this is not recommended but I'm prototyping, this is not production.
I am logged in with the following:
{
"_id" : "admin.root",
"user" : "root",
"db" : "admin",
"roles" : [
{
"role" : "root",
"db" : "admin"
}
]
}
The following happens:
> use mydb
switched to db mydb
> db.dropUser("mydbReadWrite")
false
I suspect I do not have the roles, I am root?
It was correct, the user was somehow dropped before without notifying me(hmm...). So it returned false as the user did not exist.
may be you need switch to the db that you create the uesr "mydbReadWrite"
I'm tryin to login as user "overnet" on db "overnet" in mongodb;
I'm logged in the mongo shell as follow;
mongo -u root -p (password) --authenticationDatabase admin
and then typed:
use overnet
switched to db overnet
show users
{
"_id" : "overnet.overnet",
"user" : "overnet",
"db" : "overnet",
"roles" : [
{
"role" : "readWrite",
"db" : "overnet"
},
{
"role" : "dbOwner",
"db" : "overnet"
}
]
}
> db.auth(overnet, password)
2014-12-07T08:05:43.907+0100 ReferenceError: overnet is not defined
how can it say that "overnet" is not defined???
overnet not defined because not quoted. Try the following: db.auth("overnet", password)