I am logging in to the test database using the following credentials

username : testUser
password : pass

The user has only readWrite access to the database. I want to change the current user's password to pass123.

I tried both of the options below:

```
db.changeUserPassword("testUser", "pass123")
db.updateUser("testUser",{pwd: "pass123"})
```

Both failed with the following errors, respectively:

```
Error: not authorized on test to execute command

Error: Updating user failed: not authorized on test to execute command { updateUser: "testUser", pwd: "xxx" }
```

Is there any way to change the current user's password without the help of admin roles?

UPDATE

It makes sense if the user is not allowed to change other users' passwords. But why is the user restricted from changing his/her own password?

How to handle the below scenario?

Consider a company policy forcing all the database users to change their password every 30 days: as per the solution, the user has to ask the admin to change the password.

ANSWER:

In the admin database, create a new role with the changeOwnPassword action.

```
use admin
db.createRole(
   { role: "changeOwnPasswordRole",
     privileges: [
        {
          // Empty db and collection strings apply the privilege across all databases
          resource: { db: "", collection: ""},
          actions: [ "changeOwnPassword" ]
        }
     ],
     // No inherited roles
     roles: []
   }
)
```

Create a new user with the changeOwnPasswordRole role along with other roles:

```
use test
db.createUser(
   {
     user:"user123",
     pwd:"12345678",
     // readWrite on the current database plus the custom role defined in admin
     roles:[ "readWrite", { role:"changeOwnPasswordRole", db:"admin" } ]
   }
)
```

Log in with the above user's credentials.

Use the below command to update your own password:

```
db.updateUser("user123",{pwd: "pass123"})
```

Change Your Password and Custom Data

How to change my mongoDB user password as non administrator?

These links helped me with the above solution, not the link marked as duplicate.

I have read How do I change a MongoDB user's password? and it's helpful but doesn't address how to change own password. Please remove the DUPLICATE flag.

Mani
  • [*"To modify the password of another user on a database, you **must have the changeAnyPassword action on that database**."*](https://docs.mongodb.com/manual/reference/method/db.changeUserPassword/#required-access). You must be logged in with an account that has sufficient privilege. Otherwise the documented methods apply. – Neil Lunn Mar 06 '19 at 00:18
  • See also: [How can I enter Mongo as a superuser or reset users?](https://dba.stackexchange.com/q/62976/35705) from [dba.stackexchange.com](https://dba.stackexchange.com/) which is where Database Administration questions should be asked. – Neil Lunn Mar 06 '19 at 00:20
  • @NeilLunn as I mentioned in the question, I want to know whether there is any way I can update the logged-in user's password with the logged-in user's role. Because in other databases the logged-in user has permission to change their own password. My question is whether there is anything like this available in MongoDB. Because it does not make sense to ask someone else to change my password every time. – Mani Mar 06 '19 at 00:26
  • And your question is answered by existing answers, and the very helpfully highlighted point in the documentation shown to you above. If you log in with an account with privilege, then you can do it. But `readWrite` lacks that privilege. Perhaps pay attention to the "user administration is not programming" part. – Neil Lunn Mar 06 '19 at 00:29
  • @NeilLunn I clearly get that the `readWrite` role cannot change the password. It makes sense if he is not allowed to change others' passwords. Why is he restricted from changing his own password? Consider if I am forcing all my database users to change their password every 30 days; as per the solution, the user has to ask the admin to change the password. – Mani Mar 06 '19 at 00:37
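
A least-privilege check for the custom role described in the post, as an added example that is not part of the original question or comments: it inspects a role document in the shape returned by `db.getRole(name, { showPrivileges: true })` and lists every grant that goes beyond self-service actions. The function name `auditSelfServiceRole` and both sample role documents are constructed for illustration.

```javascript
// Added example: least-privilege check for a self-service password role.
// Input has the shape returned by db.getRole(name, { showPrivileges: true }).

// Actions that only affect the authenticated user's own account.
const SELF_SERVICE_ACTIONS = new Set(["changeOwnPassword", "changeOwnCustomData"]);

// Returns the grants that go beyond self-service (empty array = nothing extra).
function auditSelfServiceRole(roleDoc) {
  // A Set, because inheritedPrivileges also lists the role's own privileges.
  const findings = new Set();
  for (const r of roleDoc.roles || []) {
    // Any inherited role brings privileges of its own.
    const name = typeof r === "string" ? r : `${r.role}@${r.db}`;
    findings.add(`inherits role ${name}`);
  }
  const privileges = [...(roleDoc.privileges || []), ...(roleDoc.inheritedPrivileges || [])];
  for (const p of privileges) {
    for (const action of p.actions || []) {
      if (!SELF_SERVICE_ACTIONS.has(action)) {
        findings.add(`action ${action} on ${JSON.stringify(p.resource)}`);
      }
    }
  }
  return [...findings];
}

// Constructed sample: the role as created in the post.
const anyResource = { db: "", collection: "" };
const pageRole = {
  role: "changeOwnPasswordRole", db: "admin", roles: [],
  privileges: [{ resource: anyResource, actions: ["changeOwnPassword"] }],
  inheritedPrivileges: [{ resource: anyResource, actions: ["changeOwnPassword"] }],
};

// Constructed sample: a hypothetical over-broad variant of the same role.
const testDb = { db: "test", collection: "" };
const broadRole = {
  role: "changeOwnPasswordRole", db: "admin",
  roles: [{ role: "readWrite", db: "test" }],
  privileges: [{ resource: testDb, actions: ["changeOwnPassword", "changePassword"] }],
  inheritedPrivileges: [{ resource: testDb, actions: ["changeOwnPassword", "changePassword"] }],
};

console.log(auditSelfServiceRole(pageRole));
console.log(auditSelfServiceRole(broadRole));
```

In the mongo shell, the same function can be fed the live document from `db.getRole("changeOwnPasswordRole", { showPrivileges: true })` while connected to the admin database.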
