Mongodb create user with only read and write access
https://dba.stackexchange.com/questions/206236
-
31-12-2020 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
Hi I created a new using using following command in mongodb,
db.createUser({ user: 'csquad', pwd: 'somepass123', roles: [ { role: "readWrite", db: "cloud"}]});
Now this user is able to login to db Cloud and do any activities. Including he is able to create a user with same readWrite access to database cloud.
Now I wanted to update this user to a new role so that he has only Read and Write access to any Document or create any collections in this DB. Should not have access to create new user.
How or what role I should assign in MongoDB
Even if I create a user with role "read" still he is able to create a new user with readWrite. And the "read" user is still able to create new collections / add documents
Basically any user in the "cloud" database is able to perform any task irrespective of Roles assigned to them. Only restriction is they are able to do all task in the specified database (like they can't login to admin DB etc..)
La solution
I look like that you haven't enabled authentication (--auth) at the database. Without authentication, there is no authorization. That's why all users can do now whatever they want.
