Authentication
List All Users
db.system.users.find()
Enable Authentication
With access control enabled, ensure you have a user with userAdmin or userAdminAnyDatabase role in the admin database.
Procedures
- Start MongoDB without access control.
- Connect to the instance.
- Create the user administrator.
use admin
db.createUser(
  {
    user: "myUserAdmin",
    pwd: "abc123",
    roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
  }
)
- Re-start the MongoDB instance with access control.
mongod --auth --port xxx --dbpath xxx
- Authenticate as the user administrator.
mongo --port 27017 -u "myUserAdmin" -p "abc123" --authenticationDatabase "admin"
or, in the mongo shell connected without authentication, switch to the authentication database and use the db.auth() method to authenticate:
use admin
db.auth("myUserAdmin", "abc123")
- Create additional users as needed for your deployment.
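The precondition stated under Enable Authentication can be checked against the user documents before restarting with --auth. The following is an added example, not part of the original notes: it audits documents shaped like the output of db.system.users.find() and groups roles using this page's Built-In Roles list. The function name auditUsers, the sample users and the salesBatch role are hypothetical.

```javascript
// Added example: audit user documents shaped like db.system.users.find() output.
// Role groups are taken from the Built-In Roles list on this page.
const ROLE_GROUPS = {
  read: "database user", readWrite: "database user",
  dbAdmin: "database administration", dbOwner: "database administration",
  userAdmin: "database administration",
  clusterAdmin: "cluster administration", clusterManager: "cluster administration",
  clusterMonitor: "cluster administration", hostManager: "cluster administration",
  backup: "backup and restoration", restore: "backup and restoration",
  readAnyDatabase: "all-database", readWriteAnyDatabase: "all-database",
  userAdminAnyDatabase: "all-database",
};

// Roles that satisfy the precondition when granted on the admin database.
const USER_ADMIN_ROLES = new Set(["userAdmin", "userAdminAnyDatabase"]);

function auditUsers(userDocs) {
  const report = { userAdmins: [], unlistedRoles: [], byGroup: {} };
  for (const doc of userDocs) {
    const name = `${doc.db}.${doc.user}`;
    for (const { role, db } of doc.roles || []) {
      // Own-property check so names like "constructor" are not matched by accident.
      const listed = Object.prototype.hasOwnProperty.call(ROLE_GROUPS, role);
      if (!listed) {
        // User-defined role, or a role this page does not list: review by hand.
        report.unlistedRoles.push({ user: name, role, db });
        continue;
      }
      const group = ROLE_GROUPS[role];
      (report.byGroup[group] = report.byGroup[group] || []).push(`${name}:${role}@${db}`);
      const isUserAdmin = db === "admin" && USER_ADMIN_ROLES.has(role);
      if (isUserAdmin && !report.userAdmins.includes(name)) report.userAdmins.push(name);
    }
  }
  // False means nobody could manage users once access control is enforced.
  report.hasUserAdmin = report.userAdmins.length > 0;
  return report;
}

// Constructed sample documents (credentials field omitted).
const SAMPLE_USERS = [
  { user: "myUserAdmin", db: "admin", roles: [{ role: "userAdminAnyDatabase", db: "admin" }] },
  { user: "reporting", db: "sales", roles: [{ role: "read", db: "sales" }] },
  { user: "ops", db: "admin", roles: [{ role: "clusterMonitor", db: "admin" }, { role: "salesBatch", db: "sales" }] },
];

console.log(JSON.stringify(auditUsers(SAMPLE_USERS), null, 2));
```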
User Management Methods
db.auth()
Authenticates a user to a database.
db.createUser()
Creates a new user.
db.updateUser()
Updates user data.
db.changeUserPassword()
Changes an existing user’s password.
db.removeUser()
Deprecated. Removes a user from a database.
db.dropAllUsers()
Deletes all users associated with a database.
db.dropUser()
Removes a single user.
db.grantRolesToUser()
Grants a role and its privileges to a user.
db.revokeRolesFromUser()
Removes a role from a user.
db.getUser()
Returns information about the specified user.
db.getUsers()
Returns information about all users associated with a database.
Role Management Methods
db.createRole()
Creates a role and specifies its privileges.
db.updateRole()
Updates a user-defined role.
db.dropRole()
Deletes a user-defined role.
db.dropAllRoles()
Deletes all user-defined roles associated with a database.
db.grantPrivilegesToRole()
Assigns privileges to a user-defined role.
db.revokePrivilegesFromRole()
Removes the specified privileges from a user-defined role.
db.grantRolesToRole()
Specifies roles from which a user-defined role inherits privileges.
db.revokeRolesFromRole()
Removes inherited roles from a role.
db.getRole()
Returns information for the specified role.
db.getRoles()
Returns information for all the user-defined roles in a database.
Built-In Roles
A role grants privileges to perform sets of actions on defined resources. A given role applies to the database on which it is defined and can grant access down to a collection level of granularity.
Database User Roles
read
readWrite
Database Administration Roles
dbAdmin
dbOwner
The database owner can perform any administrative action on the database.
userAdmin
Provides the ability to create and modify roles and users on the current database.
Cluster Administration Roles
clusterAdmin
clusterManager
clusterMonitor
hostManager
Backup and Restoration Roles
The admin database includes the following roles for backing up and restoring data:
backup
restore
All-Database Roles
readAnyDatabase
readWriteAnyDatabase
userAdminAnyDatabase