Creating and changing users and permissions

0

I have run the mongod with the default configuration, that is, I have not set the path, nor the port, nor enabled the access control .

p>
C:\Program Files\MongoDB\Server.4\bin>mongod

Trying for "more advanced things," I wanted to create the admin user and use that to create other users (as the documentation indicates). But I'm having a lot of trouble yet, many commands return with the following (or something close):

not authorized on admin to execute command

The user admin was created as follows:

use admin
db.createUser(
  {
    user: "myUserAdmin",
    pwd: "abc123",
    roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
  }
)

But it seems to be only authorized to create other users.

  

I would like to know:      

  • How to create a user and give basic access to a database
  •   
  • How to update a user's permissions
  •   
  • How to delete a user
  • The simplest way and straightforward possible! :)

    The intention is to start running mongodb with access control :

    mongod --auth
    
        
    asked by anonymous 18.05.2017 / 00:30

    1 answer

    1

    About the writeConcern parameter: Before I speak of the commands I will leave here a description of the writeConcern object, which is optional parameter for all commands below. It indicates how the database will behave / confirm during the execution of the command. There are three possible attributes within it:

    • w - How many instances do you want to confirm the operation. The majority option asks most voter nodes to confirm the operation. More information here .
    • j - Asks that the nodes have written the data in journal . More information here .
    • wtimeout - Specify a limit, in milliseconds, to wait for confirmation. More information here .

    Create user and give basic access to a database: Considering basic permissions such as ability to write and read, creating user joao in> would look like this:

    use teste
    db.createUser(
      {
        user: "joao",
        pwd: "abc123",
        roles: [ { role: "readWrite", db: "teste" } ]
      } 
      ,
      {
        w: "majority"
       ,wtimeout: 5000
      }
    )
    

    You can create the user in any bank, this does not limit that he has permissions only in that bank. You can, for example, create two users with the same name on different banks, with different permissions. At the time of access he must decide against which bank he is authenticating.

    Update permissions: There are two commands to modify permissions:

    • Add user administration permission on test user joao I created earlier: db.grantRolesToUser( "joao", [ "userAdminAnyDatabase" ], {w: "majority", wtimeout: 5000})
    • Remove user administration permission from joao : db.revokeRolesFromUser( "joao", [ "userAdminAnyDatabase" ], {w: "majority", wtimeout: 5000}) .

    There are pre-defined roles, which are listed here .

    Delete a user: You can use the db.dropUser(usuario, writeConcern) command. The first parameter is the user login, the second is the object that I explained at the beginning of the response. Here is an example to exclude the joao user from the test :

    use teste
    db.dropUser("joao", {w: "majority", wtimeout: 5000})
    
        
    19.05.2017 / 13:43