Skip to main content

How to create users in MongoDB

Assuming you've already completed the basic setup process mentioned in this blog. In this example, we'll see how we can create admin user and enable authorization.

Connect to admin database

On a cmd window, connect to MongoDB by hitting command "mongo". By default, it connects to "test" database.
Once connection is successful, switch to admin db

#mongo
#use admin

Create Role

After switching to admin db, create executiveFunction role
db.runCommand({ createRole: "executeFunctions",
  privileges: [
    { resource: { anyResource: true }, actions: [ "anyAction" ]  }
  ],
  roles: [],
  writeConcern: { w: "majority" , wtimeout: 5000 }
});

Create admin user

In this step, we'll create admin user mongoadmin with password mongo123
db.runCommand( 
    { 
        "createUser" : "mongoadmin", 
        "pwd": "mongo123", 
        "customData" : 
                {"description": "mongo admin user" }, 
                "roles" : 
                    [ 
                        {
                            "role" : "executeFunctions",
                            "db" : "admin"
                        }, 
                        "root"
                    ] 
    },
    { 
        w: "majority",
        wtimeout: 5000
    } 
);

Create readonly user

For guest access on your database, you may want to create readonly users as well. In this example below, we are creating role "readonly" with "read" access on database "mydb"
#switch to mydb    
use mydb
    db.grantRolesToUser(
        "readonly",
        [
          { role: "read", db: "mydb" }
        ]
    )

Now let's create a user "mongoread" with password "read0nly" on db "mydb"
db.runCommand( 
    { 
        "createUser" : "mongoread", 
        "pwd": "read0nly", 
        "customData" : { "description": "mongo readonly user" }, 
        "roles" : 
            [ 
                {
                    "role" : "read",
                    "db" : "mydb"
                }
            ] 
    },
    { w: "majority" , wtimeout: 5000 } 
);

Enable security on your database

Now, you're all set to enable security on your database. Open mongod.conf and change the value of security.authorizationEnabled attribute to "enabled"
systemLog:
    destination: file
    path: M:\mongodb\data\log\mongod.log
storage:
    dbPath: M:\mongodb\data\db
net:
    bindIp: 127.0.0.1
security:
    authorization: enabled
Remove mongod service to install the service again with new parameters
mongod --remove

Reinstall the service
mongod --config "M:\mongodb\conf\mongod.cfg" --serviceName "MongoDB" --serviceDisplayName "MongoDB" --serviceDescription "MongoDB Server Instance" --install

That's all!

Comments

Popular posts from this blog

MongoDB BulkWrite Java API

Since version 3.2, MongoDB has introduced Bulk Update methods. In context of RDBMS, it's like SQL Batch Jobs, where SQL Statements are prepared in different chunks and a batch of statements are submitted to DB for update/insert. Here are some important points about MongoDB Bulk Write operation.. Useful in case you've huge data to update/insert. Mongo automatically prepares batches (of 1000 default) and start execution in an ordered/unordered manner. This drastically reduce DB trip time. Let's say there are 50 thousand records to update, now instead of 50k round trips to DB from your app server, using Bulk Update it would be reduced to just 50 round trips. Let's see an example below: List<WriteModel<Document>> updateDocuments = new ArrayList<WriteModel<Document>>(); for ( Long entityId : entityIDs ) { //Finder doc Document filterDocument = new Document (); filterDocument . append ( "_id" , ent...

MongoDB Backup and Restore

It's a general need in MongoDB development, to take backups or restore DB with an old backup. DB backup can be done at both DB level and individual Collection level. Let's see how we can perform different backup/restore operations.. DB Backup Complete DB Assuming database to backup is "mydb", the best thing is to back it as gzip to save some space on your Server. mongodump -- archive = mydb . 2017 - 09 - 21.gz -- gzip -- db mydb This will create the archive in the directory where you're executing the command. Another way is to take backup as bson documents. mongodump -h localhost -p 27017 -d mydb -o C:\mongobackup\20170921 A directory with db name will be created under  C:\mongobackup\20170921 In case you have multiple instances running on same server, you can use --host and --port options. Individual Collection mongodump -- collection myCollection -- db mydb This will create backup with same name as that of collection (myCollection in this...