NoSQL Zone is brought to you in partnership with:

' ! Moshe Kaplan constantly helps successful firms getting to the next level and he is thrilled to uncover some of his secrets. Mr. Kaplan is a seasoned project management and cloud technologies lecturer. He is also known to be a cloud and SCRUM evangelist Moshe is a dSero.com Co-Founder. He was a R&D Director at Essence Security, led RockeTier and served as a board member in the IGT and as a department head at a top IDF IT unit. Moshe holds M.Sc and B.Sc from TAU. Moshe is a DZone MVB and is not an employee of DZone and has posted 59 posts at DZone. You can read more from them at their website. View Full User Profile

MongoDB, Users and Permissions

04.16.2013
| 7195 views |
  • submit to reddit

NoSQL and Enterprise Security?
That is not the first thing that comes to mind when you consider using NoSQL. It is not a big surprise as the early adapters of NoSQL were Internet companies.
An evident for that you can find in MongoDB, where authentication is dimmed by default.
How to Enable MongoDB Authentication?

  1. Create an Admin user (otherwise you will have issues to connect your server) from the local console:
    1. use admin;
    2. db.addUser({ user: "", pwd: "", roles: [ "userAdminAnyDatabase" ]})
  2. Enable authentication in the /etc/mongo.conf: auth=true
  3. Restart the mongod instance to enable authentication.
How to Add Additional users? Select the database that you want to add user to: use db.addUser( { user: "", pwd: "", roles: [ "", ""]}) And select the a user role from the following permissions list:
  1. read
  2. readWrite
  3. dbAdmin
  4. userAdmin
  5. clusterAdmin
  6. readAnyDatabase
  7. readWriteAnyDatabase
  8. userAdminAnyDatabase
  9. dbAdminAnyDatabase
How to Provide Permissions to Other Databases? This one is done with a "copy" like method, where userSource defines the database that the user definition should be copied from: use db.addUser( { user: "", userSource: "", roles: [ "" ] } ) In case you want to provide read permissions to all databases you may use the readAnyDatabases Bottom Line Not very complex, but more secure. 

Published at DZone with permission of Moshe Kaplan, author and DZone MVB.

(Note: Opinions expressed in this article and its replies are the opinions of their respective authors and not those of DZone, Inc.)

Comments

Russell Bateman replied on Wed, 2013/04/24 - 3:15pm

 Thanks for this succinct yet informative exposé!

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.