User Role Management for more Secure MongoDB
In this post, I would share about the approach I have taken to create users in MongoDB, for a secure Database Server.
What Will I Learn?
- MongoDB terminal to add new user
- Start a MongoDB server with authentication
Requirements
- MongoDB installed
- Basic CRUD operation in MongoDB
- Basic understanding of Node.js and JavaScript
Difficulty
Advanced
Tutorial Contents
Adding security to MongoDB
Create User in MongoDB
Creating users for the database and assign roles for the users are the most common approach of setting up security to any DataBase.
This method allows an admin to control other user's permission.
Step 1: Entering a database
show dbs, to show the current available database.
Then, choose the database that you want to add user. For my case, I will run use mongotutorial.
Step 2: Create a user
To check current available user, run db.getUsers();
Then, create user with
> db.createUser(
{
user: "johnson",
pwd: "password123",
roles: [
{ role: "userAdmin", db: "mongotutorial"}
]
});
Where the user means the username for the User, pwd is the password which will then being encrypted, and roles to set permission for the User.
The type of roles available can be refer to MongoDB official website
Run db.getUsers(); to check wether the user is created.
The return data:
[
{
"_id" : "mongotutorial.johnson",
"user" : "johnson",
"db" : "mongotutorial",
"roles" : [
{
"role" : "userAdmin",
"db" : "mongotutorial"
}
]
}
]
Based on the return data, _id shows that johnson is referring to mongotutorial database.
Step 3: Start MongoDB with Authentication
Previously, the way we started mongo is with just mongod. Instead of starting with mongod, add in a few configuration to make it authenticate.
Starting an authenticate MongoDB is crucial for the sake of security.
The command that you use is:
> mongod --auth
--auth- Start a server with authentication.--fork(optional) - To run mongod on background.--logpath <location>(optional, required when use with fork) - Define where to store logs.--dbpath <location>(optional) - in case you want to specify the database path.
In another terminal, run mongo. When you try to use command like show dbs, it will show that you are not authenticate.
To authenticate yourself, first go to the database mongotutorial, and run db.auth();.
> use mongotutorial;
> db.auth("johnson", "password123");
> db.getUsers();
As you can see, the db.getUsers() are able to query out data, means that the user are authenticated.
Final thoughts
Security are always the first priority when the database is being used in production. Setting up user roles, allows admin to control the database permission.
In the next tutorial, I will talk about use of regex and Map-Reduce in MongoDB.
Curriculum
- Getting Started with MongoDB
- MongoDB: CRUD operation in console and introduction to mongoose.js
- Using Indexes to Increase performance with MongoDB Query
- Aggregation with MongoDB (Comparison with SQL)
- Data modeling and Relationship in MongoDB
Posted on Utopian.io - Rewarding Open Source Contributors
Your contribution cannot be approved because it doesn't follow the utopian rules.
You can contact us on Discord.
[utopian-moderator]
Hey @miguepersa, I just gave you a tip for your hard work on moderation. Upvote this comment to support the utopian moderators and increase your future rewards!
You are good on this platform.. always sharing good info.. Great work
Thanks !
Great work.
You’ve been upvoted by TeamMalaysia community. Here are trending posts by other TeamMalaysia authors at http://steemit.com/trending/teammalaysia
To support the growth of TeamMalaysia Follow our upvotes by using steemauto.com and follow trail of @myach
Vote TeamMalaysia witness bitrocker2020 using this link vote for witness