Security is a foremost criteria in the databases. Proper authentication in the databases must be enabled to ensure high security.Users in the database paves a way for the better authentication in databases.In this post we are going to see how to create the users once you are done with the MongoDb installation.Its necesary to create the required range of the users.Each users have their own roles that they can perform.The following are the some users that are very much necessary in the mongodb databases .
Administrator user:
This user can grant themselves privileges in excess of their current privileges and even can grant themselves all privileges, even though the role does not explicitly authorize privileges beyond user administration.It is also a typical superuser in the database.
Root user:use admin
db.createUser(
{
user: "UserAdmin",
pwd: "password",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
}
)
It provides access to the operations and all the resources of the readWriteAnyDatabase, dbAdminAnyDatabase, userAdminAnyDatabase and clusterAdmin roles combined also this user does not include any access to collections that begin with the system. prefix.
Read/Write user:use admin
db.createUser(
{
user: "root",
pwd: "password",
roles: [ "root" ]
}
)
This user provides the read and write permissions for a particular database that is specified.
use admin
db.createUser({user: "rw_user",pwd: "password",roles:[{ role: "readWrite",db:"test_db"}]})
Read user:
This user provides only the read permissions for a particular database that is specified.
Write user:use admin
db.createUser({user: "read_user",pwd: "password",roles:[{ role: "read",db:"test_db"}]})
This user provides only the write permissions for a particular database that is specified.
use admin
db.createUser({user: "write_user",pwd: "password",roles:[{ role: "write",db:"test_db"}]})
Backup User:
This
user is used to perform only the backup operations in the database.So
in case you have single instance its enough to have the following role:
use admin
db.createUser({user: "backup",pwd: "password",roles:[{ role: "dbAdmin",db:"admin"}]})
Incase you maintain any shard or replica you can have the below role:
use admindb.createUser({user: "backup",pwd: "password",roles:[{ role: "clusterdbAdmin",db:"admin"}]})
Check user privileges:
Its very much necessary to see what are all the privileges that are given to a particular user,to find them use the below query:
db.runCommand({usersInfo: { user: "root", db: "admin" },showPrivileges: true})
You can also create your own users similarly mentioned above if you have more ideas about the roles needed.To know more about the mongodb roles check this link.
Posts
0 comments:
Post a Comment