Rather than using CRUD operations on db.system.users collections, user objects will be manipulated via commands:
db.runCommand({
createUser: 1,
user: "spencer",
password: "clear password", // Unless "db" is "$external"
extraData: <optional opaque Object>
roles: [ { name: "roleName", db: "roleDB", canDelegate: <Boolean> }, ... ]
});
db.runCommand({
updateUser: 1,
user: "spencer",
password: "new password clear", // Optional
extraData: <Object>, // Optional
});
db.runCommand({ deleteUser: 1, user: "spencer" });
db.runCommand({
grantRolesToUser: 1,
user: "spencer",
db: "somedb", // Should this default to the db this command is targeted at?
roles: [ { name: "roleName", db: "roleDB", canDelegate: <Boolean> }, ...]
});
db.runCommand({
revokeRolesForUser: 1, // Who can do this?
user: "spencer",
db: "somedb", // Should this default to the db this command is targeted at?
roles: [ { name: "roleName", db: "roleDB", canDelegate: <Boolean> }, ...]
});
db.runCommand({ usersInfo: 1, [userName: "spencer"] })
- depends on
-
SERVER-9980 Add write concern to user management commands
-
- Closed
-
- is depended on by
-
SERVER-4225 Adding first admin user to database via localhost works but returns error message
-
- Closed
-
-
CSHARP-793 Manipulate user objects exclusively via commands
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
- is duplicated by
-
SERVER-9662 API for managing user roles
-
- Closed
-
- is related to
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
-
-
- Closed
-
- related to
-
-
- Closed
-