MongoDB root user

Question

Is there a super UNIX like  root  user for MongoDB  I ve been looking at http   docs mongodb org manual reference user-privileges  and have tried many combinations  but they all seem to lack in an area or another  Surely there is a role that is above all the ones listed there

User · Answer

There is a Superuser Roles  root  which is a Built-In Roles  may meet your need

User · Answer

Mongodb user management   roles list   read readWrite dbAdmin userAdmin clusterAdmin readAnyDatabase readWriteAnyDatabase userAdminAnyDatabase dbAdminAnyDatabase   create user   db createUser user  writeConcern   db createUser   user   user     pwd   pass     roles          role   read   db   database              update user   db updateUser  user      roles          role   readWrite   db   database              drop user   db removeUser  user     or  db dropUser  user     view users   db getUsers      more information  https   docs mongodb com manual reference security  read

User · Answer

While out of the box  MongoDb has no authentication  you can create the equivalent of a root superuser by using the  any  roles to a specific user to the admin database    Something like this   use admin db addUser    user    lt username gt              pwd    lt password gt              roles     userAdminAnyDatabase                       dbAdminAnyDatabase                       readWriteAnyDatabase           Update for 2 6   While there is a new root user in 2 6  you may find that it doesn t meet your needs  as it still has a few limitations      Provides access to the operations and all the resources of the   readWriteAnyDatabase  dbAdminAnyDatabase  userAdminAnyDatabase and   clusterAdmin roles combined       root does not include any access to collections that begin with the   system  prefix    Update for 3 0   Use db createUser as db addUser was removed    Update for 3 0 7   root no longer has the limitations stated above      The root has the validate privilege action on system  collections    Previously  root does not include any access to collections that begin   with the system  prefix other than system indexes and   system namespaces

User · Answer

userAdmin is effectively the superuser role for a specific database  Users with userAdmin can grant themselves all privileges  However  userAdmin does not explicitly authorize a user for any privileges beyond user administration   from the link you posted

User · Answer

I noticed a lot of these answers  use this command   use admin   which switches to the admin database  At least in Mongo v4 0 6  creating a user in the context of the admin database will create a user with   id     admin administrator     gt  use admin  gt  db getUsers        gt  db createUser   user   administrator   pwd   changeme   roles      role   root   db   admin           gt  db getUsers                     id     admin administrator            user     administrator            db     admin            roles                                     role     root                    db     admin                                    mechanisms                   SCRAM-SHA-1                SCRAM-SHA-256                      I emphasize  admin administrator   for I have a Mongoid  mongodb ruby adapter  application with a different database than admin and I use the URI to reference the database in my mongoid yml configuration   development    clients      default        uri   lt    ENV  MONGODB URI     gt        options          connect timeout  15         retry writes  false   This references the following environment variable   export MONGODB URI  mongodb   administrator changeme 127 0 0 1 mysite development retryWrites true amp w majority    Notice the database is mysite development  not admin  When I try to run the application  I get an error  User administrator  mechanism  scram256  is not authorized to access mysite development    So I return to the Mongo shell delete the user  switch to the specified database and recreate the user     mongo  gt  db dropUser  administrator    gt  db getUsers       gt  use mysite development  gt  db createUser   user   administrator   pwd   changeme   roles      role   root   db   admin           gt  db getUsers                     id     mysite development administrator            user     administrator            db     mysite development            roles                                     role     root                    db     admin                                    mechanisms                   SCRAM-SHA-1                SCRAM-SHA-256                      Notice that the  id and db changed to reference the specific database my application depends on     id     mysite development administrator    db     mysite development     After making this change  the error went away and I was able to connect to MongoDB fine inside my application   Extra Notes   In my example above  I deleted the user and recreated the user in the right database context  Had you already created the user in the right database context but given it the wrong roles  you could assign a mongodb built-in role to the user   db grantRolesToUser  administrator      role   root   db   admin        There is also a db updateUser command  albiet typically used to update the user password

User · Answer

The best superuser role would be the root The Syntax is   use admin  db createUser        user   root       pwd   password       roles     root         For more details look at built-in roles   Hope this helps

[mongodb] MongoDB "root" user

Examples related to mongodb

Examples related to authentication

Examples related to mongodb-query

Examples related to authorization

Examples related to roles