Secure MongoDB Self-Managed: AuthN and AuthZ / Manage Database Users and Custom Roles

Code Summary: Database User Authorization

The code below creates a custom database role, then creates a new user and assigns that role to it.

Create a custom database role:

Here, we create a custom database role named salesAnalytics. The role allows a user to read documents in the sales and returns collections of the catalog database.

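// The role is defined in the catalog database
use catalog
db.createRole(
  {
    role: "salesAnalytics",
    // Read-only: "find" is the only action granted on each collection
    privileges: [
      { resource: { db: "catalog", collection: "sales" }, actions: [ "find" ] },
      { resource: { db: "catalog", collection: "returns" }, actions: [ "find" ] }
    ],
    // No privileges inherited from other roles
    roles: []
  }
)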

Create a database user and assign a role:

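Here, we create a database user and assign it the salesAnalytics role. The user is created in the admin database, so the role is referenced together with the database in which it was defined (catalog).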

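// The user is created in the admin database
use admin
db.createUser(
  {
    user: "salesAnalyticsUser",
    // Prompt for the password instead of typing it into the command
    pwd: passwordPrompt(),
    // The role is referenced with the database where it was created
    roles: [ { role: "salesAnalytics", db: "catalog" } ]
  }
)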
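
To confirm that the role still grants only what was intended, the following added example (not part of the original course code) compares a role document against the privileges from the createRole call above. The names EXPECTED, resourceKey and auditRole are hypothetical helpers, and the sample documents are constructed; in mongosh the real document would come from db.getSiblingDB("catalog").getRole("salesAnalytics", { showPrivileges: true }).

```javascript
// Expected grants for salesAnalytics, taken from the createRole call on this page.
const EXPECTED = { "catalog.sales": ["find"], "catalog.returns": ["find"] };

// Map a privilege resource document to "db.collection", or a label for broad scopes.
function resourceKey(resource) {
  if (resource.anyResource) return "*anyResource*";
  if (resource.cluster) return "*cluster*";
  // An empty db or collection string matches every database or collection.
  return `${resource.db || "*"}.${resource.collection || "*"}`;
}

// Compares explicit grants with EXPECTED; an empty array means they match exactly.
function auditRole(roleDoc, expected = EXPECTED) {
  const granted = new Map(); // resource key -> Set of actions
  const all = [...(roleDoc.privileges || []), ...(roleDoc.inheritedPrivileges || [])];
  for (const { resource, actions } of all) {
    const key = resourceKey(resource);
    if (!granted.has(key)) granted.set(key, new Set());
    actions.forEach((a) => granted.get(key).add(a));
  }
  const findings = [];
  for (const [key, actions] of granted) {
    for (const a of actions) {
      if (!(expected[key] || []).includes(a)) findings.push(`unexpected ${a} on ${key}`);
    }
  }
  for (const [key, actions] of Object.entries(expected)) {
    for (const a of actions) {
      if (!granted.get(key)?.has(a)) findings.push(`missing ${a} on ${key}`);
    }
  }
  if ((roleDoc.roles || []).length > 0) findings.push("inherits from other roles");
  return findings;
}

// Constructed sample role documents (not real server output).
const asCreated = {
  role: "salesAnalytics", db: "catalog", roles: [],
  privileges: [
    { resource: { db: "catalog", collection: "sales" }, actions: ["find"] },
    { resource: { db: "catalog", collection: "returns" }, actions: ["find"] },
  ],
};
const drifted = { ...asCreated, privileges: [
  { resource: { db: "catalog", collection: "sales" }, actions: ["find", "update"] },
  { resource: { db: "catalog", collection: "" }, actions: ["find"] },
] };
console.log(auditRole(asCreated), auditRole(drifted));
```

The drifted sample is flagged for the added update action, for the collection wildcard, and for the explicit grant on returns that is no longer present.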