DATABASE COMMANDS

Education is not limited to just classrooms. It can be gained anytime, anywhere... - Ravi Ranjan (M.Tech-NIT)

MongoDB User Management Commands

Create New User - createUser Command

The createUser command is used to create a new user on the database where you run the command. The createUser command returns an error message if the user already exists.

A database name must have to mention at the time to create a new user with createUser action.

A grantRole action must have to mention on a role’s database to grant the role to another user.

If you have the userAdmin or userAdminAnyDatabase role, or if you are authenticated using the localhost exception, you have those actions.

Syntax:

{ createUser: "",
  pwd: "",
  customData: { },
  roles: [
    { role: "", db: "" } | "",
    ...
  ],
  writeConcern: { }
}    

Parameters:

Name

Type

Description

createUser

string

The name of the new user.

pwd

string

The user’s password.

customData

document

Optional.

roles

array

The roles granted to the user

writeConcern

document

Optional. The write concern briefs the guarantee that MongoDB provides at the time of reporting on the success of a write operation. w: 1 as the default write concern.

Assume that our database name is userdetails and there are the following document:

db.userdetails.insert({"user_id" : "user1","password" :"1a2b3c" ,
"date_of_join" : "16/10/2010" ,"education" :"M.C.A." ,
"profession" : "CONSULTANT","interest" : "MUSIC",
"community_name" :["MODERN MUSIC", "CLASSICAL MUSIC","WESTERN MUSIC"],
"community_moder_id" : ["MR. Alex","MR. Dang","MR Haris"],
"community_members" : [700,200,1500],
"friends_id" : ["kumar","harry","anand"],
"ban_friends_id" :["Amir","Raja","mont"]});  

Example

The following createUser command creates a user myNewuser on the userdetails database. The command gives myNewuser the clusterAdmin and readAnyDatabase roles on the admin database and the readWrite role on the userdetails database:

db.getSiblingDB("userdetails").runCommand( { createUser: "myNewuser",
                                          pwd: "thisPassword",
                                          customData: { profession : "DOCTOR" },
                                          roles: [
                                                   { role: "clusterAdmin", db: "admin" },
                                                   { role: "readAnyDatabase", db: "admin" },
                                                   "readWrite"
                                                 ],
                                          writeConcern: { interest : "SPORTS" }
                                       } )            

Example: Create more user

The following createUser command creates a user myNewuser1 on the userdetails database. The command gives myNewuser1 the clusterAdmin and the readWrite role on the userdetails database:

db.getSiblingDB("userdetails").runCommand( { createUser: "myNewuser1",
                                          pwd: "thisPassword",
                                          customData: { profession : "DOCTOR" },
                                          roles: [
                                                   { role: "clusterAdmin", db: "admin" },
                                                   "readWrite"
                                                 ],
                                          writeConcern: { interest : "SPORTS" }
                                       } )            

Copy

If we type wrongly in the above statement myNewuser instead of myNewuser1 then the following error message as an output will appear beacuse the user already exists

{
        "ok" : 0,
        "errmsg" : "User "myNewuser@userdetails" already exists",
        "code" : 11000
}        

To see the User Information - usersInfo Command

The command usersInfo returns information about one or more users.

Syntax:

{ usersInfo: { user: , db: },
  showCredentials: ,
  showPrivileges:
}    

Parameters:

Name

Type

Description

usersInfo

various

The user(s) about whom to return information.

showCredentials

Boolean

Optional. If the field set to true the user’s password hash will be displayed, it is false by default.

showPrivileges

Boolean

Optional. If the field set to true to show the user’s full set of privileges, including expanded information for the inherited roles, it is false by default.

Example to View Specific User

To see information but not the credentials, for the user "myNewuser" defined in "userdetails" database, run the following command:

db.runCommand(
               {
                 usersInfo:  { user: "myNewuser", db: "userdetails" },
                 showPrivileges: false
               }
)     

Output:

{
        "users" : [
                {
                        "_id" : "userdetails.myNewuser",
                        "user" : "myNewuser",
                        "db" : "userdetails",
                        "customData" : {
                                "profession" : "DOCTOR"
                        },
                        "roles" : [
                                {
                                        "role" : "clusterAdmin",
                                        "db" : "admin"
                                },
                                {
                                        "role" : "readAnyDatabase",
                                        "db" : "admin"
                                },
                                {
                                        "role" : "readWrite",
                                        "db" : "userdetails"
                                }
                        ]
                }
        ],
        "ok" : 1
}    

Example to View Multiple User

To view info for several users, use an array, with or without the optional fields showPrivileges and showCredentials. For example:

db.runCommand( { usersInfo: [ { user: "myNewuser", db: "userdetails" }, 
                 { user: "myNewuser1", db: "userdetails" } ],
                 showPrivileges: false
                 } );     

Output:

{
        "users" : [
                {
                        "_id" : "userdetails.myNewuser",
                        "user" : "myNewuser",
                        "db" : "userdetails",
                        "customData" : {
                                "profession" : "DOCTOR"
                        },
                        "roles" : [
                                {
                                        "role" : "clusterAdmin",
                                        "db" : "admin"
                                },
                                {
                                        "role" : "readAnyDatabase",
                                        "db" : "admin"
                                },
                                {
                                        "role" : "readWrite",
                                        "db" : "userdetails"
                                }
                        ]
                },
                {
                        "_id" : "userdetails.myNewuser1",
                        "user" : "myNewuser1",
                        "db" : "userdetails",
                        "customData" : {
                                "profession" : "Engineer"
                        },
                        "roles" : [
                                {
                                        "role" : "clusterAdmin",
                                        "db" : "admin"
                                },
                                {
                                        "role" : "readWrite",
                                        "db" : "userdetails"
                                }
                        ]
                }
        ],
        "ok" : 1
}

Example to View All Users for a Database

To view all users on the database the following command can be used:

db.runCommand( { usersInfo: 1 , showCredentials : false} );  

Output:

{
        "users" : [
                {
                        "_id" : "userdetails.myNewuser",
                        "user" : "myNewuser",
                        "db" : "userdetails",
                        "customData" : {
                                "profession" : "DOCTOR"
                        },
                        "roles" : [
                                {
                                        "role" : "clusterAdmin",
                                        "db" : "admin"
                                },
                                {
                                        "role" : "readAnyDatabase",
                                        "db" : "admin"
                                },
                                {
                                        "role" : "readWrite",
                                        "db" : "userdetails"
                                }
                        ]
                },
                {
                        "_id" : "userdetails.myNewuser1",
                        "user" : "myNewuser1",
                        "db" : "userdetails",
                        "customData" : {
                                "profession" : "Engineer"
                        },
                        "roles" : [
                                {
                                        "role" : "clusterAdmin",
                                        "db" : "admin"
                                },
                                {
                                        "role" : "readWrite",
                                        "db" : "userdetails"
                                }
                        ]
                }
        ],
        "ok" : 1
}

If showCredential is true the output will be the following:

{
        "users" : [
                {
                        "_id" : "userdetails.myNewuser",
                        "user" : "myNewuser",
                        "db" : "userdetails",
                        "credentials" : {
                                "MONGODB-CR" : "28fcdbb5d879ccf086bd6404bd06b230"
                        },
                        "customData" : {
                                "profession" : "DOCTOR"
                        },
                        "roles" : [
                                {
                                        "role" : "clusterAdmin",
                                        "db" : "admin"
                                },
                                {
                                        "role" : "readAnyDatabase",
                                        "db" : "admin"
                                },
                                {
                                        "role" : "readWrite",
                                        "db" : "userdetails"
                                }
                        ]
                },
                {
                        "_id" : "userdetails.myNewuser1",
                        "user" : "myNewuser1",
                        "db" : "userdetails",
                        "credentials" : {
                                "MONGODB-CR" : "9b08b3a68eef34d462bdb2e5b2037438"
                        },
                        "customData" : {
                                "profession" : "Engineer"
                        },
                        "roles" : [
                                {
                                        "role" : "clusterAdmin",
                                        "db" : "admin"
                                },
                                {
                                        "role" : "readWrite",
                                        "db" : "userdetails"
                                }
                        ]
                }
        ],
        "ok" : 1
}

To Update the User Information - updateUser

Command

The updateUser command updates the profile of the user on the specific database. This command completely replaces the data of the previous field’s values. It is required to specify the updateUser field and at least one other field, other than writeConcern to update a user.

Syntax:

{ updateUser: "",
  pwd: "   customData: { },
  roles: [
    { role: "", db: "" } | "",
    ...
  ],
  writeConcern: { }
}   

Parameters:

Name

Type

Description

updateUser

string

The name of the user to update.

pwd

string

Optional. The user’s password.

customData

document

Optional. Any arbitrary information.

roles

array

Optional. The roles granted to the user. An update to the roles array replace the values of the previous array.

writeConcern

document

Optional. The write concern briefs the guarantee that MongoDB provides at the time of reporting on the success of a write operation. w: 1 as the default write concern.

 

Example

Here in below a user myNewuser in the userdetails database with the following user info:

{
        "users" : [
                {
                        "_id" : "userdetails.myNewuser",
                        "user" : "myNewuser",
                        "db" : "userdetails",
                        "customData" : {
                                "profession" : "DOCTOR"
                        },
                        "roles" : [
                                {
                                        "role" : "clusterAdmin",
                                        "db" : "admin"
                                },
                                {
                                        "role" : "readAnyDatabase",
                                        "db" : "admin"
                                },
                                {
                                        "role" : "readWrite",
                                        "db" : "userdetails"
                                }
                        ]
                }
        ]
  }   

Copy

The following updateUser command completely replaces the user’s customData and roles data:

use userdetails
db.runCommand( { updateUser : "myNewuser",
                 customData : { profession : "Classical Music" },
                 roles : [
                           { role : "read", db : "assets"  }
                         ]
             } )

Copy

Here is the output after update the user:

> db.runCommand(
                {
                  usersInfo:  { user: "myNewuser", db: "userdetails" },
                 showPrivileges: false
               }
);

{
        "users" : [
                {
                        "_id" : "userdetails.myNewuser",
                        "user" : "myNewuser",
                        "db" : "userdetails",
                        "customData" : {
                                "profession" : "Classical Music"
                        },
                        "roles" : [
                                {
                                        "role" : "read",
                                        "db" : "assets"
                                }
                        ]
                }
        ],
        "ok" : 1
}

Copy

To Drop the User Information - dropUser Command

The dropUser command is used to remove the user from the concern database.

Syntax:

{
  dropUser: "",
  writeConcern: { }
}

Parameters:

Name

Type

Description

dropUser

string

The name of the user to delete. This command will work only the database where the user exists.

writeConcern

document

Optional. The write concern briefs the guarantee that MongoDB provides at the time of reporting on the success of a write operation. w: 1 as the default write concern. .

Example

If we want to remove the user myNewuser1 from the userdetails database the following sequence of operations in the mongo shell can be used.

> use userdetails
switched to db userdetails
> db.runCommand( { dropUser: "myNewuser1"} );
  { "ok" : 1 }

Copy

Now if we want to view all the user for database userdetails the following result will appear where the user myNewuser1 will be excluded.

> db.runCommand( { usersInfo: 1 , showCredentials : false} );
{
        "users" : [
                {
                        "_id" : "userdetails.myNewuser",
                        "user" : "myNewuser",
                        "db" : "userdetails",
                        "customData" : {
                                "profession" : "Classical Music"
                        },
                        "roles" : [
                                {
                                        "role" : "read",
                                        "db" : "assets"
                                }
                        ]
                }
        ],
        "ok" : 1
}

Copy

To Drop All the Users Information - dropAllUsersFromDatabase Command

This command removes all users from the concern database on which you run the command.

Syntax:

{
dropAllUsersFromDatabase: 1,
writeConcern: { }
}

Parameters:

Name

Type

Description

dropAllUsersFromDatabase

integer

Specify 1 to drop all the users from the current database.

writeConcern

document

Optional. The write concern briefs the guarantee that MongoDB provides at the time of reporting on the success of a write operation. w: 1 as the default write concern.

Example

If we want to remove the user myNewuser1 from the userdetails database the following sequence of operations in the mongo shell can be used.

> use userdetails;
switched to db userdetails
> db.runCommand( { dropAllUsersFromDatabase: 1, writeConcern: { w: "majority" }});

Copy

Here is the output

{ "n" : 1, "ok" : 1 }

It means that the n field in the results document shows the number of users removed, here 1 user have been removed.

Now if we want to view the information of the user for database userdetails the following result will appear.

> db.runCommand( { usersInfo: 1 , showCredentials : false} );
{ "users" : [ ], "ok" : 1 }

Copy

To Grants additional roles to a user - grantRolesToUser Command

This command grants additional roles to a user.

Syntax:

{ grantRolesToUser: "",
  roles: [ ],
  writeConcern: { }
}

Parameters:

Name

Type

Description

grantRolesToUser

string

The name of the user to give additional roles.

roles

array

An array of additional roles to grant to the user.

writeConcern

document

Optional. The write concern briefs the guarantee that MongoDB provides at the time of reporting on the success of a write operation. w: 1 as the default write concern.

Example

Given a user myNewuser2 in the userdetails database with the following roles:

{
                        "_id" : "userdetails.myNewuser2",
                        "user" : "myNewuser2",
                        "db" : "userdetails",
                        "customData" : {
                                "profession" : "painter"
                        },
                        "roles" : [
                                {
                                        "role" : "read",
                                        "db" : "usertransact"
                                },
                                {
                                        "role" : "readWrite",
                                        "db" : "userdetails"
                                }
                        ]
                }

Copy

The following grantRolesToUser operation gives myNewuser2 the read role on the usertransact database and the readWrite role on the userdetails database.

{
                       "_id" : "userdetails.myNewuser2",
                       "user" : "myNewuser2",
                       "db" : "userdetails",
                       "customData" : {
                               "profession" : "painter"
                       },
                       "roles" : [
                               {
                                       "role" : "read",
                                       "db" : "usertransact"
                               },
                               {
                                       "role" : "read",
                                       "db" : "useraccount"
                               },
                               {
                                       "role" : "readWrite",
                                       "db" : "userdetails"
                               }
                       ]
               };

Copy

To Revoke Roles From a User - revokeRolesFromUser Command

This command is used to remove a one or more roles from a user on the database where the roles exist.

Syntax:

{ revokeRolesFromUser: "",
  roles: [
    { role: "", db: "" } | "",
    ...
  ],
  writeConcern: { }
}

Parameters:

Name

Type

Description

revokeRolesFromUser

string

The user to remove roles from.

roles

array

The roles to revoke from the user.

writeConcern

document

Optional. The write concern briefs the guarantee that MongoDB provides at the time of reporting on the success of a write operation. w: 1 as the default write concern.

Example

Given a user myNewuser2 in the userdetails database with the following roles:

      {
                       "_id" : "userdetails.myNewuser2",
                       "user" : "myNewuser2",
                       "db" : "userdetails",
                       "customData" : {
                               "profession" : "painter"
                       },
                       "roles" : [
                               {
                                       "role" : "read",
                                       "db" : "usertransact"
                               },
                               {
                                       "role" : "read",
                                       "db" : "useraccount"
                               },
                               {
                                       "role" : "readWrite",
                                       "db" : "userdetails"
                               }
                       ]
               };

Copy

To remove the two of the user’s roles such as the read role on the usertransact database and the readWrite role on the userdetails database the following sequence of commands can be used.

use userdetails;
db.runCommand( { revokeRolesFromUser: "myNewuser2",
                 roles: [
                          { role: "read", db: "usertransact" },
                          "readWrite"
                 ],
                 writeConcern: { w: "majority" }
             } );

Copy

The user myNewuser2 in the userdetails database now has only one remaining role:

{
                        "_id" : "userdetails.myNewuser2",
                        "user" : "myNewuser2",
                        "db" : "userdetails",
                        "customData" : {
                                "profession" : "painter"
                        },
                        "roles" : [
                                {
                                        "role" : "read",
                                        "db" : "useraccount"
                                }
                        ]
                }