MongoDB primary series 1: users and permissions



Users and permissions are a very important part of any database, because they determine its security. How does MongoDB handle users and permissions?


Environment

This article uses MongoDB 3.6 on Windows.

Other notes

For reasons of space, this article does not cover downloading and installing the database. There are many installation tutorials online that you can follow to install and run it. This article focuses on MongoDB users and permissions.

Server and client

MongoDB is divided into a server and a client.
In the installation directory on Windows, double-click mongod.exe to start the MongoDB service.
Once the service has started, double-click mongo.exe to open the client and connect to the MongoDB service.

Enable authorization mode

After MongoDB is installed, if you start the service directly with mongod.exe, authorization mode is not enabled by default. If your MongoDB does not have authorization mode enabled, anyone can log in to the MongoDB server without a user name and password and do whatever they want with your database, even delete it outright. Therefore, in a production environment, always remember to turn on authorization mode.

So, how do you turn on authorization mode?
Open CMD, go to the bin directory under the installation directory, and execute the following command:

mongod --auth --port 27017 --dbpath /data/db

With authorization mode turned on, open mongo.exe, switch to the admin database, and execute show dbs. The database now reports an error saying that the operation is not authorized.

User types

MongoDB users fall roughly into two types: administrator users and ordinary users.

Administrator users

We create an administrator user (with the userAdmin or userAdminAnyDatabase role) in the admin database. The administrator user can manage ordinary users.
First, start the MongoDB service without authorization mode.

mongod --port 27017 --dbpath /data/db

Then enter the admin database and execute the following command:

use admin
// create the user administrator in the admin database
db.createUser({
    user: "larry",
    pwd: "123456",
    roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
})

When the shell reports "Successfully added user", the administrator user has been created.

Ordinary users

Once the administrator user has been created, we can use it to create ordinary users for each database.
First, close all the mongo shell windows opened above.
Then start the MongoDB service in authorization mode.

mongod --auth --port 27017 --dbpath /data/db

Open the mongo.exe client, enter the admin database, and log in with db.auth().
The first parameter is the user name of the administrator created above, larry, and the second parameter is that user's password.
A return value of 1 indicates that the administrator larry has logged in successfully.
Next, use this administrator to create an ordinary user moddx in the photo_app database, with its permission specified as readWrite.

use photo_app
// create an ordinary user limited to readWrite on photo_app
db.createUser({
  user: "moddx",
  pwd: "123456",
  roles: [{ role: "readWrite", db: "photo_app"}]
})

View users

All accounts globally

First, log in to the admin database with the administrator account, and then execute the following command:

Accounts in the current database

Only administrators can view all global accounts, but both ordinary users and administrators can view the accounts in the current database. The command to view the accounts in the current database is as follows:

show users


Delete user

You must have an administrator account with dropUser rights to delete users, so log in with an administrator account for this operation.
The command to delete moddx from the myblog database is as follows:

use myblog
db.dropUser("moddx", {w: "majority", wtimeout: 5000})

Revoke permissions

To revoke a user's permission, the command is as follows:

use photo_app
db.revokeRolesFromUser("moddx", [ { role: "readWrite", db: "photo_app" } ])

Note: although the above command revokes the moddx user's read and write permissions in the photo_app database, the user has not been deleted and can still log in.

Grant permission

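The following command grants the user moddx the readWrite role in photo_app and, at the same time, gives it read permission in the demodb database:

use photo_app
// a bare role name applies to the current database (photo_app)
db.grantRolesToUser("moddx",
   [ "readWrite" , { role: "read", db: "demodb" } ],
   { w: "majority" , wtimeout: 4000 }
)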

Change Password

The following command changes the password of the user moddx in photo_app:

use photo_app
db.changeUserPassword("moddx", "newpwd")
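
A least-privilege review of the accounts created in this article, as an added example that is not part of the original article: it takes user documents in the shape db.getUsers() returns and flags roles that can manage users, roles granted on another database, and accounts left with no roles after a revoke. The function name, the finding labels and the olduser account are assumptions made for illustration, and the sample data is constructed.

```javascript
// Added example: least-privilege review of MongoDB user documents.
// Input shape matches what db.getUsers() returns in the mongo shell:
//   { user, db, roles: [ { role, db } ] }

// Built-in roles that let the holder manage users and roles (and so grant
// themselves more), or that are already superuser-level.
const ESCALATION_ROLES = new Set([
  "userAdmin", "userAdminAnyDatabase", "dbOwner", "root", "__system",
]);

function auditUsers(users) {
  const findings = [];
  for (const u of users) {
    const id = `${u.db}.${u.user}`;
    const roles = u.roles || [];
    if (roles.length === 0) {
      // Revoking roles does not remove the account: it can still log in.
      findings.push({ id, issue: "no-roles", detail: "account can still authenticate" });
    }
    for (const r of roles) {
      if (ESCALATION_ROLES.has(r.role)) {
        findings.push({ id, issue: "can-escalate", detail: `${r.role}@${r.db}` });
      }
      if (r.db !== u.db) {
        // Role applies outside the database the account was created in.
        findings.push({ id, issue: "cross-db-role", detail: `${r.role}@${r.db}` });
      }
    }
  }
  return findings;
}

// Constructed sample data using the accounts from this article.
const sampleUsers = [
  { user: "larry", db: "admin",
    roles: [{ role: "userAdminAnyDatabase", db: "admin" }] },
  { user: "moddx", db: "photo_app",
    roles: [{ role: "readWrite", db: "photo_app" }, { role: "read", db: "demodb" }] },
  { user: "olduser", db: "photo_app", roles: [] }, // hypothetical: all roles revoked
];

for (const f of auditUsers(sampleUsers)) {
  console.log(`${f.id}: ${f.issue} (${f.detail})`);
}
```
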


These are the common shell commands for users and permissions. I hope they make MongoDB more convenient for you to use. For a more detailed introduction, refer to the official documentation: mongo shell methods.