Skip to content

Instantly share code, notes, and snippets.

@ideabrian

ideabrian/mongodb_user_management.md

Last active January 5, 2025 16:32
Show Gist options
  • Save ideabrian/37089dcde1e3bd6536b65a982346ae3b to your computer and use it in GitHub Desktop.
Save ideabrian/37089dcde1e3bd6536b65a982346ae3b to your computer and use it in GitHub Desktop.
Download ZIP
Raw
mongodb_user_management.md

Managing MongoDB Users with mongosh

This guide provides step-by-step instructions to deauthorize and set up new users in MongoDB using mongosh.

Prerequisites

  1. Access to MongoDB: Ensure you can connect to your MongoDB server via mongosh.
  2. Admin Access: You need a user with the userAdmin role in the admin database.

Steps to Deauthorize (Remove) a User

1. Connect to MongoDB

Run the following command to connect to your MongoDB server:

mongosh --host <your_server_ip> --port <port> -u <admin_user> -p <password> --authenticationDatabase admin

Replace the placeholders:

  • <your_server_ip>: MongoDB server's IP address
  • <port>: Port number (default is 27017)
  • <admin_user>: Admin username
  • <password>: Admin password

2. Switch to the Relevant Database

If the user is associated with a specific database, switch to that database:

use <database_name>

Replace <database_name> with the name of the database.

3. Drop the User

Remove the user with:

db.dropUser("<username>")

Replace <username> with the name of the user to be removed.

4. Verify User Removal

To confirm the user has been removed, list all users:

db.getUsers()

Steps to Set Up a New User

1. Switch to the Relevant Database

Switch to the database where the user will be created:

use <database_name>

Replace <database_name> with the target database.

2. Create the User

Run the following command:

db.createUser({
    user: "<username>",
    pwd: "<password>",
    roles: [
        { role: "<role>", db: "<database_name>" }
    ]
})

Replace:

  • <username>: New user's name.
  • <password>: New user's password.
  • <role>: Desired role (e.g., readWrite, read).
  • <database_name>: Database where the role applies.

Example: To create a user with readWrite access to the mydb database:

db.createUser({
    user: "newUser",
    pwd: "securePassword123",
    roles: [
        { role: "readWrite", db: "mydb" }
    ]
})

3. Verify User Creation

To confirm the user was created successfully:

db.getUsers()

4. Test New User

Log out and log back in as the new user to test their credentials:

mongosh --host <your_server_ip> --port <port> -u newUser -p securePassword123 --authenticationDatabase mydb

Common User Roles

Role Description
read Grants read-only access to a specific database.
readWrite Grants read and write access to a specific database.
dbAdmin Grants administrative tasks on a specific database.
userAdmin Grants ability to manage users on a specific database.
clusterAdmin Grants administrative tasks on the entire cluster.

Optional: Audit Existing Users

To see all users across all databases (as admin):

use admin
db.system.users.find().pretty()

This command lists all users, their roles, and their associated databases.

This document provides a complete overview of user management using mongosh. Let us know if further clarification is needed!

And voila! https://gist.github.com/ideabrian/5b1e1bf81197475ef2dbcfe24e73e248

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment