4

I understand I can change a user's password by running db.changeUserPassword() as an MongoDB administrator. However, as a user with no administrator privilege, can I change my password just with my own account?

Thanks,

Although solution provided by Gergo worked. But I had to create a new role in order for it to work. I thought changeOwnPassword should be a built in privilege and not require additional admin work. Creating a dedicated role just for the purpose to be able to change user's own password is overkill in MongoDB.

johnsam
  • 4,192
  • 8
  • 39
  • 58

2 Answers2

7

If you have the necessary privileges, you can change your own password. You can verify that you have the necessary privileges by running this command:

db.runCommand(
  {
    usersInfo:"username",
    showPrivileges:true
  }
)

If it contains changeOwnPassword, then you can change the password:

db.runCommand(
    { updateUser: "username",
      pwd: "password"
    }
)

You can find more information in the MongoDB documentation.

Gergo Erdosi
  • 40,904
  • 21
  • 118
  • 94
  • But according to http://docs.mongodb.org/manual/reference/built-in-roles/, you need to have userAdmin role in order to be able to run changePassword action. But that's too powerful as you can grant you self administrator roles. That's not what I wanted. – johnsam May 24 '14 at 20:35
  • `changePassword` and `changeOwnPassword` are not the same. You can create a user defined role with `changeOwnPassword` privilege and grant that role to the user. – Gergo Erdosi May 24 '14 at 20:39
  • There is no changeOwnPassword role. mongos> db.createUser( ... { ... user: "john", ... pwd: "john", ... roles: ["changeOwnPassword", "readWrite" ] ... } ... ); 2014-05-24T14:48:32.467-0600 Error: couldn't add user: Role "changeOwnPassword@mydb" not found at src/mongo/shell/db.js:1004 – johnsam May 24 '14 at 20:49
  • `changeOwnPassword` is a privilege, not a role. As I said, you need to create a user defined role with that privilege. http://docs.mongodb.org/manual/tutorial/define-roles/ – Gergo Erdosi May 24 '14 at 20:50
  • `{ resource: {cluster: true}, actions: [ "changeOwnPassword" ] }` – Gergo Erdosi May 24 '14 at 20:52
  • I had to create a new role in order for it to work. I thought changeOwnPassword should be a built in privilege and not require additional admin work. Creating a dedicated role just for the purpose to be able to change user's own password is overkill in MongoDB. – johnsam May 24 '14 at 21:13
5

In the admin database, create a new role with changeOwnPassword action.

use admin
db.createRole(
   { role: "changeOwnPasswordRole",
     privileges: [
        {
          resource: { db: "", collection: ""},
          actions: [ "changeOwnPassword" ]
        }
     ],
     roles: []
   }
)

create a new user with changeOwnPasswordRole role and along with other roles

use test
db.createUser(
   {
     user:"user123",
     pwd:"12345678",
     roles:[ "readWrite", { role:"changeOwnPasswordRole", db:"admin" } ]
   }
)

login the above user credentials

Use the below command to update own password

db.updateUser("user123",{pwd: "pass123"})
Mani
  • 1,471
  • 1
  • 13
  • 19