How to create user with read-write access for specific DB only in MongoDB?

Question

I've created user by shell:

use testDB
db.createUser({user: 'testUser', pwd: 'password', roles: ["readWrite"]})

But the user can see and modify another databases also (like admin). I've checked by db.runCommand({connectionStatus : 1}) and 'testUser' is logged in the session.

How to create user with read-write access just for specific database?

In the configuration, what is [security.authorization](https://docs.mongodb.com/manual/reference/configuration-options/index.html#security.authorization) set to? — Joe, Sep 22 '20 at 09:48
You need to get an idea of what is authentication and authorization in MongoDB. Authorization allows a user to have specific access to a resource. See this tutorial [Security - Enable Access Control](https://docs.mongodb.com/v4.2/tutorial/enable-authentication/). — prasad_, Sep 22 '20 at 10:18

Vinit Sakhare · Accepted Answer · 2020-10-25T13:03:11.463

5

You can perform all user maintenance in admin database namespace. So, for your case, you can run following commands from your mongo shell:

use admin

db.createUser({
  user: "testUser",
  pwd: "password",
  roles: [
    { role: "readWrite", db: "<your_database>" }
  ]
})

More details can be found at MongoDB documentation: https://docs.mongodb.com/manual/reference/method/db.createUser/

edited Oct 25 '20 at 13:03

answered Oct 25 '20 at 12:51

Vinit Sakhare

74
3

How to create user with read-write access for specific DB only in MongoDB?

1 Answers1