|
Feature:
Restrict the creation of users to the admin only.
Use Case:
/* User can be added to DB test*/
> use test
switched to db test
> db.addUser("thetest","xxx");
{
"_id" : ObjectId("4dd0a3aa7f39df02fe90fba7"),
"user" : "thetest",
"readOnly" : false,
"pwd" : "6acce88bf52666bb832d0d51d5b4e94a"
}
/* User can be auth'ed and create data */
> db.auth("thetest","xxx");
1
> db.foobar.save(
{1:2}
);
> db.foobar.find();
{ "_id" : ObjectId("4debd8a54f5c3a55b982b97c"), "1" : 2 }
/* This new user can now add another user in the test database - this should be prevented since they are not auth'ed to the admin database */
> db.addUser("thetest2","boohoo");
{
"user" : "thetest2",
"readOnly" : false,
"pwd" : "0d2b4b28061638251db69fb85b32ee79"
}
|