Security is a supreme criteria in the databases. Proper authentication in the databases must be enabled to ensure high security. Users in the database paves a way for the better authentication in databases. In this post we are going to see how to create the users once you are done with the MongoDB installation. Its necesary to create the required range of the users with proper privilleges. Each users have their own roles that they can perform. The following are the some users that are very much necessary in the mongodb databases .
Administrator user:
Make sure you use a database before creating the users. The admin database consists of the users that can be accessed by the entire server.This user can grant themselves privileges in excess of their current privileges and even can grant themselves all privileges, even though the role does not explicitly authorize privileges beyond user administration.It is also a typical superuser in the database.
Root user:
It provides access to the operations and all the resources of the readWriteAnyDatabase, dbAdminAnyDatabase, userAdminAnyDatabase and clusterAdmin roles combined also this user does not include any access to collections that begin with the system. prefix.
1 |
db.createUser({user: "root",pwd: "password",roles: [ "root" ]}) |
Read/Write user:
This user provides the read and write permissions for a particular database that is specified.
1 |
db.createUser({user: "rw_user",pwd: "password",roles:[{ role: "readWrite",db:"test_db"}]}) |
Read user:
This user provides only the read permissions for a particular database that is specified.
1 |
db.createUser({user: "read_user",pwd: "password",roles:[{ role: "read",db:"test_db"}]}) |
Write user:
This user provides only the write permissions for a particular database that is specified.
1 |
db.createUser({user: "write_user",pwd: "password",roles:[{ role: "write",db:"test_db"}]}) |
Backup User:
This user is used to perform only the backup operations in the database.So in case you have single instance its enough to have the following role:
1 |
db.createUser({user: "backup",pwd: "password",roles:[{ role: "dbAdmin",db:"admin"}]}) |
Incase you maintain any shard or replica you can have the below role:
1 |
use admindb.createUser({user: "backup",pwd: "password",roles:[{ role: "clusterdbAdmin",db:"admin"}]}) |
Check user privileges:
Its very much necessary to see what are all the privileges that are given to a particular user,to find them use the below query:
You can also create your own users similarly mentioned above if you have more ideas about the roles needed.To know more about the mongodb roles check this link.