For instance, if I have this user:
> db.system.users.find() { "user" : "testAdmin", "pwd" : "[some hash]", "roles" : [ "clusterAdmin" ], "otherDBRoles" : { "TestDB" : [ "readWrite" ] } }
And I want to give that user the dbAdmin
permissions on the TestDB
database, I can remove the user record then add it back with the new permissions:
> db.system.users.remove({"user":"testAdmin"}) > db.addUser( { user: "testAdmin", pwd: "[whatever]", roles: [ "clusterAdmin" ], otherDBRoles: { TestDB: [ "readWrite", "dbAdmin" ] } } )
But that seems hacky and error-prone.
And I can update the table record itself:
> db.system.users.update({"user":"testAdmin"}, {$set:{ otherDBRoles: { TestDB: [ "readWrite", "dbAdmin" ] }}})
But I'm not sure if that really creates the correct permissions - it looks fine but it may be subtly wrong.
Is there a better way to do this?
MongoDB: db.grantRolesToUser() method is used to grants an additional role and its privileges to a user. The name of the user to whom to grant roles. An array of additional roles to grant to the user. The level of write concern for the modification.
Required AccessYou must have the grantRole action on a role's database to add a role to a user. To change another user's pwd or customData field, you must have the changePassword and changeCustomData actions respectively on that user's database.
A role in MongoDB grants privileges to perform some set of operations on a given resource. In MongoDB, users are created using createUser() method. This method creates a new user for the database, if the specified user is already present in the database then this method will return an error.
To restrict MongoDB access by enabling authentication In the mongoconfiguration, set auth = true and restart the mongo service.
If you want to just update Role of User. You can do in the following way
db.updateUser( "userName", { roles : [ { role : "dbAdmin", db : "dbName" }, { role : "readWrite", db : "dbName" } ] } )
Note:- This will override only roles for that user.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With