With MongoDB Compass is it possible to see users for a database or create new ones?
Ive managed it on the command line with:
mongo
use (my database name)
db.createUser( { user: "myuser", pwd: "password", roles: ["readWrite"] })
However I would still much prefer a GUI to do this.
No, it isn't (at least until version 1.20.4 of Compass)
If you're trying to create a new DB with a user that "owns" that DB (i.e. has read/write and admin commands for that DB), here's how to do that using only MongoDB Compass:
Open up MongoDB Compass and connect with your admin user.
Create a new DB with the "+" button at bottom of the DB list.
Click the MONGOSH shelf/tab at the bottom of the screen and paste this:
use NAME_OF_NEW_DB
db.createUser(
{
user: "NAME_OF_NEW_USER",
pwd: "NEW_USER_PASSWORD",
roles: [ { role: "dbOwner", db: "NAME_OF_NEW_DB" } ]
}
)
Other roles are explained in the MongoDB docs.
If I run a command in CLI after made up a user. I can see that by using this command.
db.system.users.find().pretty()
{
"_id" : "admin.admin",
"userId" : UUID("****"),
"user" : "admin",
"db" : "admin",
"credentials" : {
"SCRAM-SHA-1" : {
"iterationCount" : 10000,
"salt" : "***",
"storedKey" : "***",
"serverKey" : "***"
},
"SCRAM-SHA-256" : {
"iterationCount" : 15000,
"salt" : "***",
"storedKey" : "***",
"serverKey" : "***"
}
},
"roles" : [
{
"role" : "root",
"db" : "admin"
}
]
But I can't see the 'system.users' collection in the Compass client.
I think, the Compass does not support this the listing and creating user features.
But, if you use other client (eg. TablePlus), You can see those hidden documents
Related
I installed Locally on mac. Created user superuser with root privledges as per MongoDB Docs:https://docs.mongodb.com/guides/server/auth/#procedure
> db.createUser({user:"superuser",pwd:"strongPassword",roles:["root"]})
Successfully added user: { "user" : "superuser", "roles" : [ "root" ] }
> show users
{
"_id" : "admin.superuser",
"userId" : UUID("f873bafd-8d9b-4d2d-95a2-95d9e05db25d"),
"user" : "superuser",
"db" : "admin",
"roles" : [
{
"role" : "root",
"db" : "admin"
}
],
"mechanisms" : [
"SCRAM-SHA-1",
"SCRAM-SHA-256"
]
}
launch it with
resulting in running mongodb instance:
"ctx":"listener","msg":"Waiting for connections","attr":{"port":27017,"ssl":"off"}}
then I mongo --port 27017
use admin
response: switched to db admin
here's the kicker:
I input
db.auth("superuser","strongPassword")
and then
0```
This is the output in the running mongod client:
```{"t":{"$date":"2021-03-15T14:41:11.167-05:00"},"s":"I", "c":"ACCESS", "id":20251, "ctx":"conn1","msg":"Supported SASL mechanisms requested for unknown user","attr":{"user":"superuser#admin"}}
{"t":{"$date":"2021-03-15T14:41:11.168-05:00"},"s":"I", "c":"ACCESS", "id":20249, "ctx":"conn1","msg":"Authentication failed","attr":{"mechanism":"SCRAM-SHA-1","principalName":"superuser","authenticationDatabase":"admin","client":"127.0.0.1:51532","result":"UserNotFound: Could not find user \"superuser\" for db \"admin\""}}
Please help me? Seems pretty straightforward what my problem is here. Followed the mongoDb docs exactly, and then just totally failing to see my user. What's the trick here?
When you first install mongodb, there is no root user. You simply start mongo with (if on mac osx) "mongod --dbpath='/usr/local/var/mongodb'", and then run mongo in the shell and it will connect you without any authentication.
I create the admin user in the admin database:
> db
admin
> db.createUser({
"user" : "test1",
"pwd" : "test1",
"roles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" } ]
})
> db.getUsers()
[
{
"_id" : "admin.test1",
"user" : "test1",
"db" : "admin",
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
}
],
"mechanisms" : [
"SCRAM-SHA-1",
"SCRAM-SHA-256"
]
}
]
Now I connect to mongo shell as admin user:
> db
admin
> db.runCommand({connectionStatus : 1})
{
"authInfo" : {
"authenticatedUsers" : [
{
"user" : "test1",
"db" : "admin"
}
],
"authenticatedUserRoles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
}
]
},
"ok" : 1
}
I start mongod with access control:
$ sudo mongod --auth --port 27017 --dbpath=.
Password:
2020-04-16T20:28:40.656-0400 I CONTROL [main] Automatically disabling TLS 1.0, to force-enable TLS 1.0 specify --sslDisabledProtocols 'none'
2020-04-16T20:28:40.672-0400 I CONTROL [initandlisten] MongoDB starting : pid=8441 port=27017 dbpath=. 64-bit
I even turned on security:
$ cd /usr/local/etc/
$ vim mongod.conf
security:
authorization: "enabled"
Yet I can simply login with just "mongo":
$ mongo admin
MongoDB shell version v4.0.4
connecting to: mongodb://127.0.0.1:27017/admin
Implicit session: session { "id" : UUID("95879725-00ed-4cee-bd43-8ba093df1e19") }
MongoDB server version: 4.0.4
> db.runCommand({connectionStatus : 1})
{
"authInfo" : {
"authenticatedUsers" : [ ],
"authenticatedUserRoles" : [ ]
},
"ok" : 1
}
This is wild. What else must I do? Unless there is some type of automatic login when logged into the ip the server is running on?
Some commands do not require authentication. Try reading or writing to a collection.
Authentication itself is performed via a sequence of commands (you can read about those here) therefore some of the commands must by necessity not require authentication.
Some commands return different responses based on whether a connection is authenticated. For example, try {ismaster:1} with and without authentication.
Currently I've got a siteUserAdmin authenticated on the admin database:
{
"_id" : "admin.siteUserAdmin",
"user" : "siteUserAdmin",
"db" : "admin",
"credentials" : {
"MONGODB-CR" : "...."
},
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
}
]
}
When I run:
use admin;
db.auth('siteUserAdmin', 'supersecret');
Everything authenticates just fine.
However when I then do:
use myotherdb
db.addUser({ user: 'chris', pwd: 'anothersecretpassword', roles: ['dbOwner']});
It doesn't add the user, I get the following:
couldn't add user: not authorized for insert on admin.system.users at src/mongo/shell/db.js:128
What am I doing wrong? This all looks nuts.
FYIL I'm using MongoDB version 2.6.10.
Random side note: weirdly createUser isn't a function, even though according to the MongoDB docs it was added in 2.6.
I was seeing this exact error in Robomongo 0.8.5. I copy/pasted the command to the the Mongo cli client and it worked fine.
Authenticated as siteUserAdmin to admin db on both clients.
Hopefully this helps someone else.
I tried adding a 'root' superuser in admin but he can't do anything.
> show users
{
"_id" : "admin.superuser",
"user" : "superuser",
"db" : "admin",
"roles" : [
{
"role" : "root",
"db" : "admin"
}
]
}
I would like to create admins, users databases, remove, add, edit etc. everything. I know this is not recommended but I'm prototyping, this is not production.
I am logged in with the following:
{
"_id" : "admin.root",
"user" : "root",
"db" : "admin",
"roles" : [
{
"role" : "root",
"db" : "admin"
}
]
}
The following happens:
> use mydb
switched to db mydb
> db.dropUser("mydbReadWrite")
false
I suspect I do not have the roles, I am root?
It was correct, the user was somehow dropped before without notifying me(hmm...). So it returned false as the user did not exist.
may be you need switch to the db that you create the uesr "mydbReadWrite"