[SERVER-10993] Single user multiple databases in MongoDB Created: 01/Oct/13 Updated: 10/Dec/14 Resolved: 02/Oct/13 |
|
| Status: | Closed |
| Project: | Core Server |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Question | Priority: | Major - P3 |
| Reporter: | Siva Balasubramaniam | Assignee: | Unassigned |
| Resolution: | Done | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Participants: |
| Description |
|
Can a single user be created for more than one database in MongoDB? |
| Comments |
| Comment by Siva Balasubramaniam [ 02/Oct/13 ] | |||||||||||||
|
Thank you very much. | |||||||||||||
| Comment by J Rassi [ 01/Oct/13 ] | |||||||||||||
That user has to log in against the "admin" database with whatever username was specified in the privilege document.
You're not using the $pull operator properly. The $pull operator takes a document as its argument, where the field name refers to the array to operate on, and the value is the element to remove from the array. So, your update should instead look like:
| |||||||||||||
| Comment by Siva Balasubramaniam [ 01/Oct/13 ] | |||||||||||||
|
One more question. How to pull the access from the user on one database. db.addUser( { user: "testing", } ) Can I revoke readWrite privileges from user testing on database test1? db.system.users.update( { user:"testing"},{ $pull:{ otherDBRoles: { test1: [ "readWrite" ] }}}) Thanks | |||||||||||||
| Comment by Siva Balasubramaniam [ 01/Oct/13 ] | |||||||||||||
|
Thanks you. Correct me if I am wrong, In order to insert data in the database test1 and test2, the use need to login as "admin" user. Is that right? -Siva | |||||||||||||
| Comment by J Rassi [ 01/Oct/13 ] | |||||||||||||
|
Users with the readWrite role are granted the ability to create/access/modify collections (see the documentation for a complete list of allowed actions). So, assuming you're using basic authentication, a privilege document for your example would look like:
| |||||||||||||
| Comment by Siva Balasubramaniam [ 01/Oct/13 ] | |||||||||||||
|
What minimum privileges need to be given in we plan to use option 2? Thanks | |||||||||||||
| Comment by J Rassi [ 01/Oct/13 ] | |||||||||||||
|
Yes. In MongoDB 2.4, either 1) create additional privilege documents with a userSource field in each desired database, or 2) create the user on the admin database with an otherDBRoles field with entries for each desired database, or 3) to give a user blanket access to all databases, create the user on the admin database and grant the user an "any database" role. |