Wow so many complicated/confusing answers here.
This is as of v3.4.
Short answer.
1) Start MongoDB without access control.
mongod --dbpath /data/db
2) Connect to the instance.
mongo
3) Create the user.
use some_db
db.createUser(
{
user: "myNormalUser",
pwd: "xyz123",
roles: [ { role: "readWrite", db: "some_db" },
{ role: "read", db: "some_other_db" } ]
}
)
4) Stop the MongoDB instance and start it again with access control.
mongod --auth --dbpath /data/db
5) Connect and authenticate as the user.
use some_db
db.auth("myNormalUser", "xyz123")
db.foo.insert({x:1})
use some_other_db
db.foo.find({})
Long answer: Read this if you want to properly understand.
It's really simple. I'll dumb the following down https://docs.mongodb.com/manual/tutorial/enable-authentication/
If you want to learn more about what the roles actually do read more here: https://docs.mongodb.com/manual/reference/built-in-roles/
1) Start MongoDB without access control.
mongod --dbpath /data/db
2) Connect to the instance.
mongo
3) Create the user administrator. The following creates a user administrator in the admin
authentication database. The user is a dbOwner
over the some_db
database and NOT over the admin
database, this is important to remember.
use admin
db.createUser(
{
user: "myDbOwner",
pwd: "abc123",
roles: [ { role: "dbOwner", db: "some_db" } ]
}
)
Or if you want to create an admin which is admin over any database:
use admin
db.createUser(
{
user: "myUserAdmin",
pwd: "abc123",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
}
)
4) Stop the MongoDB instance and start it again with access control.
mongod --auth --dbpath /data/db
5) Connect and authenticate as the user administrator towards the admin
authentication database, NOT towards the some_db
authentication database. The user administrator was created in the admin
authentication database, the user does not exist in the some_db
authentication database.
use admin
db.auth("myDbOwner", "abc123")
You are now authenticated as a dbOwner
over the some_db
database. So now if you wish to read/write/do stuff directly towards the some_db
database you can change to it.
use some_db
//...do stuff like db.foo.insert({x:1})
// remember that the user administrator had dbOwner rights so the user may write/read, if you create a user with userAdmin they will not be able to read/write for example.
More on roles: https://docs.mongodb.com/manual/reference/built-in-roles/
If you wish to make additional users which aren't user administrators and which are just normal users continue reading below.
6) Create a normal user. This user will be created in the some_db
authentication database down below.
use some_db
db.createUser(
{
user: "myNormalUser",
pwd: "xyz123",
roles: [ { role: "readWrite", db: "some_db" },
{ role: "read", db: "some_other_db" } ]
}
)
7) Exit the mongo shell, re-connect, authenticate as the user.
use some_db
db.auth("myNormalUser", "xyz123")
db.foo.insert({x:1})
use some_other_db
db.foo.find({})