I want to implement database authentication in mongodb.
In order to do that, I found out that I need to first create an admin user and then create separate users for each of my database through mongodb client shell (manually or using a javascript file).
I was wondering if it is possible to add user to the individual databases from the spring application itself but did not get any useful pointers to do this. Is it that this approach is wrong because if this possible the application will always be able to access the database because it itself is creating the user, but external access will still be blocked.
Please let me know how this can be achieved or if it is an incorrect approach.
After you add a normal user via the MongoShell, you can then connect via your application and create either normal users, or read only users.
Note that a normal user can also add users, so the users your application adds may need to be down as read only users depending on your use case and needs.
In the MongoShell, adding a read only user can be done via
use myAppDB
db.addUser("JohnSmith", "CheddarCheese", true)
Related
I have an existing API connected to an AWS PostgreSQL database that uses AWS Cognito for User authentication.
The goal is for users to insert data via the API with some field mapped to their Cognito id, and retrieve the same data. The idea would be for each user to only have access to the data 'owned' by them. Similarly to the way row level access works.
But I do not want to create a role for each user which seems to be necessary.
The idea would be that I need to somehow setup a connection to the PostgreSQL DB with the user_id without creating a user and handle the accessible data via a policy, or somehow pass the data to the policy directly.
What would be an ideal way to do this, or is creating a PG user for each user a necessity for this setup?
Thanks in advance
EDIT: I am currently querying the database through my backend with custom code. But I would rather have a system where instead of writing the code myself, the PostgreSQL system handles the security itself using policies(or something similar). I fully understand how PostgreSQL row-level-access works with roles and policies and I would prefer a system where PostgreSQL does the major work without me implementing custom back-end logic and preferably not creating thousands of PostgreSQL roles for the users.
You should not allow users to make a direct connection to the database.
Instead, they should make requests to your back-end, where you have business logic that determines what each user is permitted to access. Your back-end then makes the appropriate calls to the database and returns the response to the user.
This is a much 'safer' response because it prevents users having direct access to your database and it is also a better architecture because it allows you to swap-out the database engine for another one without impacting your service.
The database is for your application, not for your users.
How do I create a system user? The goal is using this user as an administrator.
I can only create normal (client) and server (something like client) users, but I'm unable to create a system user.
I tried the Atlas App Services Admin Rest API but there I can do just the same I can here.
I see that a possible solution is adding custom user data but there isn't a way in the console.
Any solution?
A server user is for backend access to your database. This may be useful if you are looking to perform backend database administration.
When you use Atlas App Services, you are creating users for frontend access to user-appropriate data. If you want to create users on the frontend with a role/privilege of 'Administrator', then you need to implement that logic.
You can create custom data for users, which is a separate document linked to the user with additional fields. A simple implementation would be a custom field 'isAdmin'.
A rule would need to be implemented to only give your frontend users access to restricted data once 'isAdmin' === true. For example:
{
"%%true": {"%%user.custom_data.isAdmin"}
}
For more rule examples: https://www.mongodb.com/docs/atlas/app-services/rules/examples/
There is an Apache Atlas server. The user connects using ldap technology. Users are adding the atlas-simple-authz-policy.json config file.json and specify its role in the application. We are faced with the following situation, until you create a user on the server itself (useradd nickname), the user will not receive full access within his role. I.e., in fact, the user will be able to log in to the application, perform some kind of search that will display the result, but it is already impossible to view the contents of the fragments found.
I’m brand new to realm and have been digging around in the docs all day today. I come from a sql background and am struggling finding out if what I want done can be accomplished with realm.
I’m wanting to create an app that allows normal users to fill out a simple form, and allow admins to access (read only) these forms. Ideally the admin would see all forms created by users listed in a tableview.
After completed the swift tutorial online, I get the impression that only the user who created the realm object can access it…
Is it possible to accomplish what I described above with realm?
There is no way to query multiple Realm files at once currently. In your use case, I recommend you to share one account (created automatically on your application), write multiple users' data to one file. Or sharing one file for multiple users by using Realm's permission change feature, see also https://realm.io/docs/swift/latest/#modifying-permissions
I am building a web-app with Meteor and i am using the Meteor Accounts-password package and accounts-facebook package to make login easy. The user has some information tied to them like email & password, but i want to tie more information to them after the account has been created.
I know of two ways that i could do that and i was wondering how i should do it, since i can't seem to find any information about it on the internet.
Option 1:
I add all the additional information (like username, displayname and other stuff) inside the Meteor.user.profile object. This seems to be a bad solution since users by default have access to everything in the profile object and i have to manually deny them access.
Option 2:
I create a new collection, Profile-information, and store all additional data about the user and then tie it to the meteor.user object via some shared key. This also seems like a bad solution since i have to split my data like in SQL and not have all the advantages of embedded documents in mongodb.
This has been my thought process so far and i am at a loss of how to continue.
Which option seems to be the best way, or is there an option 3 that would work better?
Thanks in advance.
Thanks to #forallepsilon i found out that you could write any data to the user object you want. I previously though that the user object was locked, and you could only store additional data in the profile field.
I will store the additional data i have about the user inside the Meteor.user object by just creating additional fields.