How to rename a user in MongoDB? - mongodb

There is a user in database, this user should be renamed. How to rename the user? The MongoDB user management reference has method db.updateUser but I don't see how to set a new name for the user. How to update the username? ty
db.updateUser(
"<username>",
{
customData : { <any information> },
roles : [
{ role: "<role>", db: "<database>" } | "<role>",
...
],
pwd: "<cleartext password>"
},
writeConcern: { <write concern> }
)

Did you try to update the user?
db.system.users.update({"user":"oldname"}, {$set:{"user":"newname"}})
This command requires root access to admin database.

Related

Create MongoDB user who can only manage the documents he created

I'm wondering id there is a way to create a new user for a database who can only manage his the documents he has created.
I've read almost everything regarding roles and custom roles in the MongoDB documentation but couldn't find what I'm looking for.
What I need is to create a user who can only create documents (not collections), reads others' documents, edit delete his own documents, and not to be able to edit nor delete documents were created by other users.
Is this possible?
If not, is there a workaround I can implement?
At the point of creating the document, you can pass the user's id as one of the attributes so when you want to update or delete that document, you perform a check if the user that is trying to update that document is the person that initially created it.
Something has attributes moviename, dataAdded, userid
userId=12;
const data = Something.findOne({someDocument});
if(userId==data.userid){
//perform update/delete
}else{
//return error
}
There is nothing built-in but you can use custom roles like this:
db.getSiblingDB("admin").createRole({
role: "myDefaultRole",
privileges: [
{
resource: { db: "myDB", collection: "myCollection" },
actions: ["update", "insert", "remove", "find"]
}
]
})
db.getSiblingDB("admin").createRole({
role: "mySuperRole",
privileges: [ {<maybe some additional privileges>} ],
roles: [{ role: "myDefaultRole", db: "admin" }, {<maybe some additional roles>}]
})
db.getSiblingDB("admin").createUser({
user: "user1",
pwd: passwordPrompt(),
roles: [{ role: "mySuperRole", db: "admin" }]
})
db.getSiblingDB("admin").createUser({
user: "user2",
pwd: passwordPrompt(),
roles: [{ role: "myDefaultRole", db: "admin" }]
})
function hasRole(v_user, v_role) {
return v_user != null && db.getSiblingDB(v_user.db).getUser(v_user.user, { filter: { roles: v_role } }) != null;
}
And then use it like this:
const currentUser = db.runCommand({ connectionStatus: 1 }).authInfo.authenticatedUsers.shift();
use myDB
db.myCollection.insertOne({ user: currentUser });
var data = db.myCollection.findOne({ someDocument });
if (data.user == currentUser || hasRole(currentUser, { role: "mySuperRole", db: "admin" })) {
//perform update/delete
} else {
//return error
}
Note, users and roles can be defined in several databases. Thus you should check both, the database and user names. I prefer to create them commonly in the admin database.
Instead of custom roles you may also use field customData, but I think custom roles are more flexible.

MongoDB make drop removeall commands unworkable? [duplicate]

What would be the configuration/command for creating a role which can be applied to a user in MongoDB so that the user is unable to drop a collection?
Check the mongoDB documentation for creating user roles and privileges.
http://docs.mongodb.org/manual/tutorial/manage-users-and-roles/
In general, for a non-admin role, only providing read access will prevent a user from dropping a collection. The code below is taken from the mongo docs and demonstrates access modifications for various collections.
use reporting
db.createUser(
{
user: "reportsUser",
pwd: "12345678",
roles: [
{ role: "read", db: "reporting" },
{ role: "read", db: "products" },
{ role: "read", db: "sales" },
{ role: "readWrite", db: "accounts" }
]
}
)

How to restrict a mongo user from dropping a collection?

What would be the configuration/command for creating a role which can be applied to a user in MongoDB so that the user is unable to drop a collection?
Check the mongoDB documentation for creating user roles and privileges.
http://docs.mongodb.org/manual/tutorial/manage-users-and-roles/
In general, for a non-admin role, only providing read access will prevent a user from dropping a collection. The code below is taken from the mongo docs and demonstrates access modifications for various collections.
use reporting
db.createUser(
{
user: "reportsUser",
pwd: "12345678",
roles: [
{ role: "read", db: "reporting" },
{ role: "read", db: "products" },
{ role: "read", db: "sales" },
{ role: "readWrite", db: "accounts" }
]
}
)

MongoLab not authorized for db.eval

First I tried db.eval() for my local mogodb server.It is working fine.I used this example
Then I tried the same thing with MongoLab.But I got this error message.
The error say not authorized to execute command.Can you explain why this error message.thanks
Eval is a powerfull, dangerous and deprecated action that mLab don't give.
In a local mongo db you should create a role:
use admin
db.createRole(
{
role: "dangerEval",
privileges : [
{ resource: {anyResource: true }, actions : ["anyAction"] },
// or this for grant anyAction only on a single db:
{ resource: {db: "myDb", collection: "" }, actions: [ "anyAction" ] }
],
roles: []
}
)
Then you can assign this role to a user:
db.createUser({
user: "temporaneyEvalUser",
pwd: "psw",
roles: [ { role: "dangerEval", db: "myDb" } ]
});
So you have to choose another way to archive your target or change mongo installation.

Roles in mongodb

Following users are created in mongodb
first user created with name "user" having read write role for "project" database
use project
db.createUser(
{
user: "user",
pwd: "user123",
roles: [
{ role: "readWrite", db: "project" },
{ role: "readAnyDatabase", db:"admin" }
]
}
)
second user created with name "stud" having read write role for "student" database
use student
db.createUser(
{
user: "stud",
pwd: "stud123",
roles: [
{ role: "readWrite", db: "stud" },
{ role: "readAnyDatabase", db:"admin" }
]
}
)
When I connected to database having name project using "user" I am getting project as well as student database. Also to able to add collection in student database. I havent give any permission to "user" to access student database. Still it is possible to access student database. How to avoid it?