[SERVER-10993] Single user multiple databases in MongoDB Created: 01/Oct/13  Updated: 10/Dec/14  Resolved: 02/Oct/13

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Question Priority: Major - P3
Reporter: Siva Balasubramaniam Assignee: Unassigned
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Participants:

 Description   

Can a single user be created for more than one database in MongoDB?



 Comments   
Comment by Siva Balasubramaniam [ 02/Oct/13 ]

Thank you very much.
-Siva

Comment by J Rassi [ 01/Oct/13 ]

Thank you. Correct me if I am wrong. In order to insert data in the database test1 and test2, the user needs to log in as "admin" user. Is that right?

That user has to log in against the "admin" database with whatever username was specified in the privilege document.

One more question. How to pull the access from the user on one database.

You're not using the $pull operator properly. The $pull operator takes a document as its argument, where the field name refers to the array to operate on, and the value is the element to remove from the array. So, your update should instead look like:

db.system.users.update({user:"<username>"},{$pull:{"otherDBRoles.test1":"readWrite"}})

Comment by Siva Balasubramaniam [ 01/Oct/13 ]

One more question. How to pull the access from the user on one database.
Example :
Current user "testing" has access to two databases, want to change the role from readWrite on test2 to "read" (tried, but not working)

db.addUser( { user: "testing",
              pwd: "testing",
              roles: [ ],
              otherDBRoles: { test1: [ "readWrite" ], test2: [ "readWrite" ] }
} )

Can I revoke readWrite privileges from user testing on database test1?

db.system.users.update(
    { user: "testing" },
    { $pull: { otherDBRoles: { test1: [ "readWrite" ] } } }
)

Thanks
Siva

Comment by Siva Balasubramaniam [ 01/Oct/13 ]

Thank you. Correct me if I am wrong. In order to insert data in the database test1 and test2, the user needs to log in as "admin" user. Is that right?

-Siva

Comment by J Rassi [ 01/Oct/13 ]

Users with the readWrite role are granted the ability to create/access/modify collections (see the documentation for a complete list of allowed actions). So, assuming you're using basic authentication, a privilege document for your example would look like:

{
	"user" : "<username>",
	"pwd" : "<password>",
	"roles" : [ ],
	"otherDBRoles" : {
		"test1" : [
			"readWrite"
		],
		"test2" : [
			"readWrite"
		]
	}
}

Comment by Siva Balasubramaniam [ 01/Oct/13 ]

What minimum privileges need to be given if we plan to use option 2?
Say there are two databases test1 and test2 and I have created user TEST, which will create collections and readWrite to the collections in database test1 and test2.

Thanks
Siva

Comment by J Rassi [ 01/Oct/13 ]

Yes. In MongoDB 2.4, either 1) create additional privilege documents with a userSource field in each desired database, or 2) create the user on the admin database with an otherDBRoles field with entries for each desired database, or 3) to give a user blanket access to all databases, create the user on the admin database and grant the user an "any database" role.
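
An added example, not part of the ticket or MongoDB's own code: a small Node.js audit that resolves which databases a user can reach under the three MongoDB 2.4 options listed above, useful for checking that a role change left only the intended access. The function names, the `usersByDb` input shape and the sample documents are assumptions constructed for illustration.

```javascript
// Roles that apply to every database when granted on the admin database.
const ANY_DB_ROLES = ["readAnyDatabase", "readWriteAnyDatabase",
                      "userAdminAnyDatabase", "dbAdminAnyDatabase"];

// usersByDb maps a database name to the documents in its system.users collection.
// Returns { dbName: [roles] }; the key "*" holds roles that apply to every database.
function effectiveRoles(usersByDb, user, authDb) {
  const out = {};
  const grant = (db, role) => {
    out[db] = out[db] || [];
    if (!out[db].includes(role)) out[db].push(role);
  };
  for (const [db, docs] of Object.entries(usersByDb)) {
    for (const doc of docs) {
      // Option 1: a userSource document delegates credentials to another database.
      const credDb = doc.userSource || db;
      if (doc.user !== user || credDb !== authDb) continue;
      for (const role of doc.roles || []) {
        // Option 3: "any database" roles only count on the admin database.
        const anyDb = db === "admin" && ANY_DB_ROLES.includes(role);
        grant(anyDb ? "*" : db, role);
      }
      // Option 2: otherDBRoles is honoured only on documents in admin.
      if (db !== "admin") continue;
      for (const [other, roles] of Object.entries(doc.otherDBRoles || {})) {
        roles.forEach((r) => grant(other, r));
      }
    }
  }
  return out;
}

// Databases where the user holds a data-write role ("*" means all of them).
function writableDbs(roles) {
  const write = ["readWrite", "readWriteAnyDatabase"];
  return Object.keys(roles).filter((db) => roles[db].some((r) => write.includes(r))).sort();
}

// Constructed sample data: "testing" as it looks after the $pull on test1.
const sample = {
  admin: [
    { user: "testing", pwd: "<hash>", roles: [],
      otherDBRoles: { test1: [], test2: ["readWrite"] } },
    { user: "ops", pwd: "<hash>", roles: ["readWriteAnyDatabase"] },
  ],
  test3: [{ user: "testing", userSource: "admin", roles: ["read"] }],
};

console.log(effectiveRoles(sample, "testing", "admin"));
console.log(writableDbs(effectiveRoles(sample, "ops", "admin")));
```

The empty `test1` array left behind by `$pull` grants nothing, so `test1` does not appear in the result for "testing".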
