@ideabrian
Created January 5, 2025 16:29

Managing MongoDB Users with mongosh

This guide provides step-by-step instructions to deauthorize (remove) existing users and set up new users in MongoDB using mongosh.


Prerequisites

  1. Access to MongoDB: Ensure you can connect to your MongoDB server via mongosh.
  2. Admin Access: You need a user with the userAdmin role in the admin database.

Steps to Deauthorize (Remove) a User

1. Connect to MongoDB

Run the following command to connect to your MongoDB server:

mongosh --host <your_server_ip> --port <port> -u <admin_user> -p <password> --authenticationDatabase admin

Replace the placeholders:

  • <your_server_ip>: MongoDB server's IP address
  • <port>: Port number (default is 27017)
  • <admin_user>: Admin username
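  • <password>: Admin password. To keep it out of shell history and the process list, pass -p as the last option with no value and mongosh will prompt for it.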

2. Switch to the Relevant Database

If the user is associated with a specific database, switch to that database:

use <database_name>

Replace <database_name> with the name of the database.

3. Drop the User

Remove the user with:

db.dropUser("<username>")

Replace <username> with the name of the user to be removed.

4. Verify User Removal

To confirm the user has been removed, list all users:

db.getUsers()

Steps to Set Up a New User

1. Switch to the Relevant Database

Switch to the database where the user will be created:

use <database_name>

Replace <database_name> with the target database.

2. Create the User

Run the following command:

db.createUser({
    user: "<username>",
    pwd: "<password>",
    roles: [
        { role: "<role>", db: "<database_name>" }
    ]
})

Replace:

  • <username>: New user's name.
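  • <password>: New user's password. mongosh also accepts passwordPrompt() as the pwd value, which prompts for the password instead of placing it in the command.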
  • <role>: Desired role (e.g., readWrite, read).
  • <database_name>: Database where the role applies.

Example: To create a user with readWrite access to the mydb database:

db.createUser({
    user: "newUser",
    pwd: "securePassword123",
    roles: [
        { role: "readWrite", db: "mydb" }
    ]
})

3. Verify User Creation

To confirm the user was created successfully:

db.getUsers()

4. Test New User

Log out and log back in as the new user to test their credentials:

mongosh --host <your_server_ip> --port <port> -u newUser -p securePassword123 --authenticationDatabase mydb

Common User Roles

Role          Description
read          Grants read-only access to a specific database.
readWrite     Grants read and write access to a specific database.
dbAdmin       Grants the ability to perform administrative tasks on a specific database.
userAdmin     Grants the ability to manage users on a specific database.
clusterAdmin  Grants the ability to perform administrative tasks on the entire cluster.

Optional: Audit Existing Users

To see all users across all databases (as admin):

use admin
db.system.users.find().pretty()

This command lists all users, their roles, and their associated databases.
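The listing above shows what each account can do, but not which assignments are broader than they need to be. The following added example (not part of the original gist) reviews user documents of that shape for cluster-wide roles, roles that can grant other roles, cross-database roles, and accounts with no roles. The function name auditUsers and the sample documents are constructed for illustration; the role names are MongoDB built-in roles.

```javascript
// Built-in MongoDB roles that apply cluster-wide or to every database.
const BROAD_ROLES = new Set([
  "root", "__system", "clusterAdmin",
  "userAdminAnyDatabase", "dbAdminAnyDatabase",
  "readWriteAnyDatabase", "readAnyDatabase",
]);
// Roles that let the holder grant roles (userAdmin) or that include it (dbOwner).
const GRANTING_ROLES = new Set(["userAdmin", "dbOwner"]);

// Takes user documents shaped like those in admin.system.users and
// returns one finding per role assignment that deserves a second look.
function auditUsers(users) {
  const findings = [];
  for (const u of users) {
    const roles = u.roles || [];
    if (roles.length === 0) {
      findings.push({ user: u.user, db: u.db, issue: "no roles (unused account?)" });
    }
    for (const r of roles) {
      if (BROAD_ROLES.has(r.role)) {
        findings.push({ user: u.user, db: u.db, issue: `cluster-wide role ${r.role}` });
      } else if (GRANTING_ROLES.has(r.role)) {
        findings.push({ user: u.user, db: u.db, issue: `can grant roles via ${r.role} on ${r.db}` });
      } else if (r.db !== u.db) {
        findings.push({ user: u.user, db: u.db, issue: `${r.role} on other database ${r.db}` });
      }
    }
  }
  return findings;
}

// Constructed sample documents (not real accounts).
const sampleUsers = [
  { user: "newUser", db: "mydb", roles: [{ role: "readWrite", db: "mydb" }] },
  { user: "ops", db: "admin", roles: [{ role: "clusterAdmin", db: "admin" }] },
  { user: "report", db: "mydb", roles: [{ role: "read", db: "otherdb" }] },
  { user: "legacy", db: "mydb", roles: [] },
];

console.log(auditUsers(sampleUsers));
// In mongosh: auditUsers(db.getSiblingDB("admin").system.users.find().toArray())
```

A cross-database finding is not necessarily a problem (accounts are often created in admin and granted roles elsewhere); it marks assignments to check against what the account actually needs.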


This document provides a complete overview of user management using mongosh. Let us know if further clarification is needed!