psurikov

Reputation: 3458

Cannot create admin users in separate databases in MongoDB

I'm using MongoDB version 2.6.2 and have two databases - admin and books. In previous versions of MongoDB (1.*) I could create admin users for each database separately. Now whenever I try to create users for the second db, they're still added to the first one. Here is the excerpt from the mongo shell output:

/* creating admin db */
> use admin;
switched to db admin
> db.createUser( { "user" : "admin_root", "pwd": "pass", "roles" : ["root"] } )
Successfully added user: { "user" : "admin_root", "roles" : [ "root" ] }

/* creating books db */
> use books;
switched to db books
> db.createUser( { "user" : "admin_books", "pwd": "pass", "roles" : ["dbOwner"] } )
Successfully added user: { "user" : "admin_books", "roles" : [ "dbOwner" ] }
> db.createUser( { "user" : "logger", "pwd": "pass", "roles" : ["readWrite"] } )
Successfully added user: { "user" : "logger", "roles" : [ "readWrite" ] }

/* users in books db */
> db.system.users.find()
> /* Nothing here */

/* users in admin db */
> use admin
switched to db admin
> db.system.users.find()
{ "_id" : "admin.admin_root", "user" : "admin_root", "db" : "admin", "credentials" : { "MONGODB-CR" : "082e4c55ecb7993eb3b1825fe7df8902" }, "roles" : [ { "role" : "root", "db" : "admin" } ] }
{ "_id" : "books.admin_books", "user" : "admin_books", "db" : "books", "credentials" : { "MONGODB-CR" : "0384574df69c4b809c4432f79c0d8a97" }, "roles" : [ { "role" : "dbOwner", "db" : "books" } ] }
{ "_id" : "books.logger", "user" : "logger", "db" : "books", "credentials" : { "MONGODB-CR" : "307b0eac760bd1031b82908c84a231d6" }, "roles" : [ { "role" : "readWrite", "db" : "books" } ] }
>

Is there anything I'm doing wrong?

Upvotes: 1

Views: 1141

Answers (1)

John Petrone

Reputation: 27497

This is correct behavior. The users are being created with the correct credentials and roles for their assigned databases. For instance, this document in the "system.users" collection in the database admin:

{ "_id" : "books.admin_books", "user" : "admin_books", "db" : "books", "credentials" : { "MONGODB-CR" : "0384574df69c4b809c4432f79c0d8a97" }, "roles" : [ { "role" : "dbOwner", "db" : "books" } ] }

clearly shows that this user has the role "dbOwner" for the database "books".

Perhaps your confusion is that all of these users are stored in the "system.users" collection in the "admin" database. That is where all user information is stored. From the documentation:

admin.system.users

Changed in version 2.6.

The admin.system.users collection stores the user’s authentication credentials as well as any roles assigned to the user. Users may define authorization roles in the admin.system.roles collection.

http://docs.mongodb.org/manual/reference/system-collections/

Upvotes: 1
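Since 2.6 keeps every user in admin.system.users, per-database access has to be reviewed from that one collection. The following is an added example, not code from the question or the answer: `auditUsers`, `CLUSTER_WIDE` and `sampleUsers` are hypothetical names, and the sample documents are constructed from the output above with the credential hashes replaced by a placeholder.

```javascript
// Added example: review documents shaped like those in admin.system.users (MongoDB 2.6).
// Sample data is constructed from the question's output; hashes are placeholders.
const sampleUsers = [
  { _id: "admin.admin_root", user: "admin_root", db: "admin",
    credentials: { "MONGODB-CR": "<hash>" }, roles: [{ role: "root", db: "admin" }] },
  { _id: "books.admin_books", user: "admin_books", db: "books",
    credentials: { "MONGODB-CR": "<hash>" }, roles: [{ role: "dbOwner", db: "books" }] },
  { _id: "books.logger", user: "logger", db: "books",
    credentials: { "MONGODB-CR": "<hash>" }, roles: [{ role: "readWrite", db: "books" }] },
];

// Built-in roles whose privileges are not limited to a single database.
const CLUSTER_WIDE = new Set(["root", "clusterAdmin", "readAnyDatabase",
  "readWriteAnyDatabase", "userAdminAnyDatabase", "dbAdminAnyDatabase"]);

function auditUsers(docs) {
  const byDb = {};      // authentication database -> user names
  const findings = [];  // entries that deserve a second look
  for (const doc of docs) {
    // _id is "<db>.<user>"; database names cannot contain a dot, so split on the first one.
    const dot = doc._id.indexOf(".");
    if (doc._id.slice(0, dot) !== doc.db || doc._id.slice(dot + 1) !== doc.user) {
      findings.push(`${doc._id}: _id does not match db/user fields`);
    }
    (byDb[doc.db] = byDb[doc.db] || []).push(doc.user);
    for (const r of doc.roles) {
      if (CLUSTER_WIDE.has(r.role)) {
        findings.push(`${doc._id}: cluster-wide role ${r.role}`);
      } else if (r.db !== doc.db) {
        // The role is granted on a database other than the one the user authenticates against.
        findings.push(`${doc._id}: role ${r.role} on other database ${r.db}`);
      }
    }
  }
  return { byDb, findings };
}

console.log(JSON.stringify(auditUsers(sampleUsers), null, 2));
```

In the mongo shell the same function can be fed live data with `auditUsers(db.getSiblingDB("admin").system.users.find().toArray())`, run as a user allowed to read that collection.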
