Securing MongoDB – User Administration

The db.createUser(user, writeConcern) method used to create users.We need to provide the username, password and roles

The definition of createUser as follows

user: "<name>",
pwd: "password>",
customData: { <User Tag> },
roles: [
    { role: "<role>", db: "<database>" },
    { role: "<role>", db: "<database>"},    ...


Role is an approach to restricting system/DB access to authorized users.The security hierarchy is similar to various DB technologies. There are various roles are

Database User Roles

  • read
  • readWrite

Database Administration Roles

  • dbAdmin
  • dbOwner
  • userAdmin

Cluster Administration Roles

  • clusterAdmin
  • clusterManager
  • clusterMonitor
  • hostManager

Backup and Restoration Roles

  • backup
  • restore

All-Database Roles

  • readAnyDatabase
  • readWriteAnyDatabase
  • userAdminAnyDatabase
  • dbAdminAnyDatabase

Superuser Roles

  • root

Internal Role

  • –system

The Roles are a self explanatory. For further reading, read the following MongoDB reference manual Roles

Create User


 user: "reportUser",
 pwd: "12345678",
 roles: [
             {role: "read", db :"northwind"},
             {role: "readWrite", db: "records"},
             {role: "backup", db: "admin"},
             {role:"clusterAdmin", db: "admin"},
             {role:"readAnyDatabase", db: "admin"}


Identify the user roles by using db.getUser()



Change Password


Drop a user from mongodb using the db.dropUser()


Revoke a role from the user using revokeRolesFromUser()

{role: "readWrite", db:" northwind"},
{role: "backup", db: "admin"}


About Prashanth Jayaram

DB Technologist, Author, Blogger, Service Delivery Manager at CTS, Automation Expert, Technet WIKI Ninja, MVB and Powershell Geek My Profile: jayaram/ Connect Me: Twitter @prashantjayaram GMAIL The articles are published in:
This entry was posted in MongoDB and tagged , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s