Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

mongodb grant all with wildcard role like mysql

Tags:

mongodb

is it possible to grant a user in mongodb to access multiple databases using some sort of regex? for example in MySql i can use

grant all on `example\_%`.* to `example`@`localhost`;
like image 596
elibyy Avatar asked May 26 '15 15:05

elibyy


People also ask

How do I use wildcard search in MongoDB?

Create a Wildcard Index on All Fields With this wildcard index, MongoDB indexes all fields for each document in the collection. If a given field is a nested document or array, the wildcard index recurses into the document/array and stores the value for all fields in the document/array.

How do I grant permissions in MongoDB?

MongoDB: db.grantRolesToUser() method is used to grants an additional role and its privileges to a user. The name of the user to whom to grant roles. An array of additional roles to grant to the user. The level of write concern for the modification.

Is MongoDB like SQL?

SQL databases are used to store structured data while NoSQL databases like MongoDB are used to save unstructured data. MongoDB is used to save unstructured data in JSON format. MongoDB does not support advanced analytics and joins like SQL databases support.

What is a privilege in MongoDB?

A MongoDB privilege comprises a resource and the permitted actions. This page lists available actions grouped by common purpose. MongoDB provides built-in roles with pre-defined pairings of resources and permitted actions. For lists of the actions granted, see Built-In Roles.


1 Answers

I'm not sure if there is a way to do that in MongoDB as the db value when setting user roles has to be a string, source. However, you can write a script to help you achieve the same result. I came up with this(the script itself is small, however, comments and logging make it seem long):

// script.js

// Change the value of this variable to the name of the database expected to store the user details
const userDatabase = 'test';

// Change the value of this variable to the name of the user to grant the roles
const userName = 'user';

// Get a list of all database matching the regExp /^example.*$/
const dbs = db.adminCommand({ listDatabases: 1, nameOnly: true, filter: { name: /^example.*$/ } });
print('Found ' + dbs.databases.length + ' matching databases');

// Compose the user roles
// You can remove or add more roles here
const roles = dbs.databases.map(({ name }) => ({ role: 'readWrite', db: name }));

// Change to the database expected to store the user details
const userDb = db.getSiblingDB(userDatabase);

if (userDb.getUser(userName)) {
  // If the user already exists, update the user roles
  print('User already exist, granting roles...');
  userDb.grantRolesToUser(userName, roles);
} else {
  // If the user does not exist, create the user and add roles
  print('User does not exist, creating a user...');
  userDb.createUser({
    user: userName,
    pwd: passwordPrompt(), // This would prompt a password for the new user. The password can also be written in clear text here
    roles,
  });
}

You would run the script like this:

// Replace <host> and <port> with the host and port values of your mongoDB server. 
// Replace <adminUserName> with the userName of the admin user
mongo <host>:<port>/admin script.js -u <adminUserName> --authenticationDatabase "admin" -p

A password prompt would appear after running the command above, you should enter the password of the admin user.

like image 176
Tunmee Avatar answered Sep 28 '22 06:09

Tunmee