How do you change MongoDB user permissions? -
for instance, if have user:
> db.system.users.find() { "user" : "testadmin", "pwd" : "[some hash]", "roles" : [ "clusteradmin" ], "otherdbroles" : { "testdb" : [ "readwrite" ] } } and want give user dbadmin permissions on testdb database, can remove user record add new permissions:
> db.system.users.remove({"user":"testadmin"}) > db.adduser( { user: "testadmin", pwd: "[whatever]", roles: [ "clusteradmin" ], otherdbroles: { testdb: [ "readwrite", "dbadmin" ] } } ) but seems hacky , error-prone.
and can update table record itself:
> db.system.users.update({"user":"testadmin"}, {$set:{ otherdbroles: { testdb: [ "readwrite", "dbadmin" ] }}}) but i'm not sure if creates correct permissions - looks fine may subtly wrong.
is there better way this?
> db.users.findone() { "_id" : objectid("51e3e2e16a847147f7ccdf7d"), "user" : "testadmin", "pwd" : "[some hash]", "roles" : [ "clusteradmin" ], "otherdbroles" : { "testdb" : [ "readwrite" ] } } > db.users.update({"user" : "testadmin"}, {$addtoset: {'otherdbroles.testdb': 'dbadmin'}}, false, false) > db.users.findone() { "_id" : objectid("51e3e2e16a847147f7ccdf7d"), "user" : "testadmin" "pwd" : "[some hash]", "roles" : [ "clusteradmin" ], "otherdbroles" : { "testdb" : [ "readwrite", "dbadmin" ] }, } update:
mongodb checks permission on every access. if see operator db.changeuserpassword:
> db.changeuserpassword function (username, password) { var hashedpassword = _hashpassword(username, password); db.system.users.update({user : username, usersource : null}, {$set : {pwd : hashedpassword}}); var err = db.getlasterror(); if (err) { throw "changing password failed: " + err; } } you see — operator changes user's document.
see system.users privilege documents , delegated credentials mongodb authentication
Comments
Post a Comment