First, we add an admin account. Navigate to the MongoDB directory on your machine, then start the database.
$ ./mongo
Switch to the database of your choice and add users to it.
> use admin
> db.addUser("adminuser", "adminpassword")
> use foo
> db.addUser("myuser", "userpassword")
This adds a user myuser that has read and write access to the database. If we want a user with read-only access, set the third parameter for addUser() to true.
> db.addUser("guest", "guestpassword", true)
You can check for users with access to a particular database like this:
> db.system.users.find().pretty()
{
"_id" : ObjectId("4ee9863d954eb7168e07089d"),
"user" : "zarah",
"readOnly" : false,
"pwd" : "70581bfb1e32e2286df11fe119addc7a"
}
{
"_id" : ObjectId("4ee98658954eb7168e07089e"),
"user" : "guest",
"readOnly" : true,
"pwd" : "88558f1ece63fa0b528012b9840bd9de"
}
Now stop the MongoDB server and restart it with authentication enabled.
$ ./mongod --auth
Log in as myuser:
$ mongo foo -u myuser -p userpassword
where foo is the database that myuser has access to. You can now read and write into database foo. Notice, however, that querying for databases results in an error:
> show dbs
Mon Dec 19 17:21:20 uncaught exception: listDatabases failed:{ "errmsg" : "need to login", "ok" : 0 }
Exit MongoDB and log in again, this time using the read-only account. If we try inserting a document, an error should appear:
> db.foo.insert({"title": "MongoDB Authentication Test"})
unauthorized
The read-only account can query for collections and use find() and its variations. It can't, however, query for databases.
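An added example, not part of the original walkthrough: a Python check over documents shaped like the db.system.users.find() output above. It flags read-write accounts and accounts still using this page's placeholder passwords, relying on the fact that the legacy pwd field is the hex MD5 of "<user>:mongo:<password>"; the function names and sample documents are constructed for illustration.

```python
import hashlib

# Placeholder passwords from the walkthrough above; they must not survive
# into a real deployment.
TUTORIAL_PASSWORDS = ("adminpassword", "userpassword", "guestpassword")


def legacy_pwd_digest(user, password):
    """Value of the legacy system.users 'pwd' field: hex MD5 of
    '<user>:mongo:<password>'. There is no random salt, so the digest is
    deterministic and system.users must be treated as sensitive."""
    return hashlib.md5(f"{user}:mongo:{password}".encode("utf-8")).hexdigest()


def audit_users(user_docs, denied_passwords=TUTORIAL_PASSWORDS):
    """Return (user, finding) tuples for legacy system.users documents."""
    findings = []
    for doc in user_docs:
        user = doc.get("user", "")
        pwd = str(doc.get("pwd", "")).lower()
        # Assumption: a missing readOnly field is treated as read-write,
        # the conservative reading for an access review.
        if not doc.get("readOnly", False):
            findings.append((user, "read-write access"))
        if len(pwd) != 32 or any(c not in "0123456789abcdef" for c in pwd):
            findings.append((user, "pwd is not a legacy MD5 digest"))
            continue
        if any(pwd == legacy_pwd_digest(user, p) for p in denied_passwords):
            findings.append((user, "uses a placeholder password"))
    return findings


def sample_docs():
    """Constructed documents in the shape printed by db.system.users.find()."""
    return [
        {"user": "myuser", "readOnly": False,
         "pwd": legacy_pwd_digest("myuser", "userpassword")},
        {"user": "guest", "readOnly": True,
         "pwd": legacy_pwd_digest("guest", "constructed-Long-passphrase-91")},
        {"user": "reports", "readOnly": True, "pwd": "not-a-digest"},
    ]


if __name__ == "__main__":
    for user, finding in audit_users(sample_docs()):
        print(f"{user}: {finding}")
```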