Creating Users in MongoDB (& managing permissions)

Watch the video:

0:00 - Intro/Explanation
0:10 - Creating a MongoDB Admin user
1:07 - Creating Read/Write user for specific database
1:54 - Enable Authentication on MongoDB server

Introduction

In MongoDB, user accounts are used to control access to databases and perform various operations. There are two types of user accounts that we will explore: admin accounts and limited accounts. Admin accounts have full access to the entire MongoDB instance, while limited accounts have restricted access to specific databases.

Creating an Admin Account

To create an admin account in MongoDB, we need to use the db.createUser() method. Let’s take a look at the command structure:

1 2 3 4 5

db.createUser({ user: "adminUsername", pwd: "adminPassword", roles: [{ role: "userAdminAnyDatabase", db: "admin" }] });

Here, adminUsername represents the desired username for the admin account, and adminPassword is the password associated with the account. The roles field specifies the permissions for the admin account, granting the userAdminAnyDatabase role on the admin database.

Creating a Limited Account

In addition to admin accounts, we can create limited accounts for specific databases. These accounts have restricted access and can be assigned different roles based on the required permissions. Let’s see how we can create a limited account:

1 2 3 4 5

db.createUser({ user: "limitedUsername", pwd: "limitedPassword", roles: [{ role: "readWrite", db: "limitedDatabase" }] });

In this example, limitedUsername represents the username for the limited account, limitedPassword is the associated password, and limitedDatabase is the specific database to which the account is granted readWrite access.

Enabling Authentication

To secure our MongoDB server, it’s crucial to enable authentication. Without authentication, anyone with access to the server can perform operations on the databases. Enabling authentication requires modifying the MongoDB server configuration.

Open the MongoDB server configuration file, usually located at /etc/mongod.conf.

Scroll down to the security section and remove the comment symbol # from the line #security.

Add a new line with authorization: enabled.

Save the configuration file and exit the editor.

After enabling authentication, we need to restart the MongoDB server for the changes to take effect. Use the appropriate command for your system to restart the MongoDB service.After enabling authentication, we need to restart the MongoDB server for the changes to take effect. Use the appropriate command for your system to restart the MongoDB service.s

Connecting with User Accounts

Once you have created the user accounts and enabled authentication, you can connect to the MongoDB server using the credentials of the respective accounts.

1	mongo --username adminUsername --password adminPassword --authenticationDatabase admin

Replace adminUsername and adminPassword with the credentials of your admin account. The –authenticationDatabase flag specifies the database where the account resides.

For limited accounts, the connection command would look similar:

1	mongo --username limitedUsername --password limitedPassword --authenticationDatabase limitedDatabase

Replace limitedUsername, limitedPassword, and limitedDatabase with the appropriate values for your limited account.

This also applies if you’re using MongoDB Compass: you’ll need to ensure you use the name and password in order to connect and interact with your database. If you’d like to actually edit entries, create tables, and more; you’ll need to make sure you have an admin account rather than just a read write account. Do also make sure you have permissions for the tables you want to edit.