{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 手持菜刀,她持情操 的问题《Mongo DB where to keep user accounts?》','https://www.manongdao.com/q-907162.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I am newbie to MongoDB, I have been trying to find the right way of storing user accounts, but haven't found any good explanation of this topic.
My questions where to store user accounts for accessing databases, managing users ....
I have created admin user in system admin table. That is the right place I guess. But what about new database ?
In order to disambiguate things here is output of mongo shell
> use admin
switched to db admin
> db.getUsers();
[
{
"_id" : "admin.mongoadmin",
"user" : "mongoadmin",
"db" : "admin",
"roles" : [
{
"role" : "root",
"db" : "admin"
}
]
},
{
"_id" : "admin.api_videos",
"user" : "api_videos",
"db" : "admin",
"roles" : [
{
"role" : "dbOwner",
"db" : "videos"
}
]
}
]
> use videos
switched to db videos
> db.getUsers();
[
{
"_id" : "videos.api_videos",
"user" : "api_videos",
"db" : "videos",
"roles" : [
{
"role" : "dbOwner",
"db" : "videos"
}
]
}
]
>
So you can clearly see that I have created two users api_videos. So where should it be ? In admin table or in the table which it is related to ?
It depends. Strategy is to constrain your users to the database they will performing actions on.
All the admin users for each db should go into their respective databases.
Let me give you some idea how it all works. Much more detail is provided in docs.
root
Create super users with root to grant all the privileges for all the roles in the admin database and can perform operations in other databases.
You can customize admin users with different roles to allow for stricter administration.
There are few administration roles only available in admin database.
Root user can now perform any of below operations.
dbOwner
Create admin users with dbOwner role to grant all the privileges in a specific database includes database administration and user management for the database.
userAdmin
Create users with userAdmin role to grant with user management privliges in specfic database.
Both dbOwner users and userAdmin users can create users in the specific database with user defined roles(read and readWrite).
Moreover, you can create users with custom roles and privileges which will allow fine grained control.