The first step in configuring access control is to implement a user administrator. The user administrator should only have rights to create users and not to manage the databases or other administration functions. This keeps a clean separation between database administration and user account administration.
You create a user administrator by executing the following two commands in the MongoDB shell to access the admin database and then add a user with userAdminAnyDatabase rights:
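    // Switch to the admin database, then add the account with a single role.
    // Note: db.addUser() was deprecated in MongoDB 2.6 in favor of db.createUser().
    use admin
    db.addUser( { user: "<username>",
                  pwd: "<password>",
                  roles: [ "userAdminAnyDatabase" ] } )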
The user administrator account should be created with userAdminAnyDatabase as the only role. This gives that user the ability to create new user accounts but not to manipulate the database beyond that. The following example creates a user administrator with username useradmin and password test, as shown in Figure 12.4:
    use admin
    db.addUser( { user: "useradmin",
                  pwd: "test",
                  roles: [ "userAdminAnyDatabase" ] } )
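The following check is an added example, not code from the original text: it audits a list of user documents for the rule stated above, that a user administrator holds userAdminAnyDatabase and nothing else. The function name auditUserAdmins, the finding labels, and the sample documents are assumptions made for illustration; the documents are constructed and use only the user and roles fields.

```javascript
// Added example: verify that user-administrator accounts hold
// userAdminAnyDatabase as their ONLY role (separation of duties).
var USER_ADMIN_ROLE = "userAdminAnyDatabase";

// Returns one finding per violation. Input: array of { user, roles } documents.
function auditUserAdmins(users) {
  var findings = [];
  var adminCount = 0;
  users.forEach(function (u) {
    var roles = u.roles || [];               // tolerate documents without roles
    if (roles.indexOf(USER_ADMIN_ROLE) === -1) {
      return;                                // not a user administrator
    }
    adminCount += 1;
    var extra = roles.filter(function (r) { return r !== USER_ADMIN_ROLE; });
    if (extra.length > 0) {
      // The account mixes user administration with other privileges.
      findings.push({ user: u.user, issue: "extra-roles", detail: extra });
    }
  });
  if (adminCount === 0) {
    // Access control was configured without a dedicated user administrator.
    findings.push({ user: null, issue: "no-user-admin", detail: [] });
  }
  return findings;
}

// Constructed sample documents (hypothetical accounts, not from a real server).
var sampleUsers = [
  { user: "useradmin", roles: ["userAdminAnyDatabase"] },
  { user: "ops", roles: ["userAdminAnyDatabase", "dbAdminAnyDatabase", "clusterAdmin"] },
  { user: "app", roles: ["readWrite"] }
];

// Use print() in the mongo shell, console.log() under Node.js.
var out = (typeof print === "function") ? print : console.log;
auditUserAdmins(sampleUsers).forEach(function (f) {
  out(f.issue + ": " + f.user + " " + JSON.stringify(f.detail));
});
```

Because an account with userAdminAnyDatabase can grant roles to any user, including itself, a check like this is worth repeating after every change to the user list.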