Is it required to always create authentication on the admin db?

Hi,

While setting up a replica set, we are creating a user using the commands below:
use admin
db.createUser({
  user: "m103-admin",
  pwd: "m103-pass",
  roles: [
    {role: "root", db: "admin"}
  ]
})
But suppose I have a database, say “test”, and I want to set up authentication only for this database and not other databases. How can I set up this case?

Hello,

You can create users on databases other than admin. Just bear in mind that you have to specify this database with the parameter --authenticationDatabase when you are connecting; if not specified, it will use the database in the connection string.

However, you cannot create a user with the “root” built-in role in a database other than admin; this is mentioned in the documentation link below:

"MongoDB provides the built-in database user and database administration roles on every database. MongoDB provides all other built-in roles only on the admin database."

Please check the example below, where I created the user m103-admin on the “test” database with “read” privileges:

MongoDB Enterprise M040:PRIMARY> use test
switched to db test
MongoDB Enterprise M040:PRIMARY> db.createUser({
... user: "m103-admin",
... pwd: "m103-pass",
... roles: [
... {role: "read", db: "test"}
... ]
... })
Successfully added user: {
	"user" : "m103-admin",
	"roles" : [
		{
			"role" : "read",
			"db" : "test"
		}
	]
}

If I try to connect without specifying --authenticationDatabase it fails:

# mongo -u m103-admin -p m103-pass
MongoDB shell version v4.0.28
connecting to: mongodb://127.0.0.1:27017/?gssapiServiceName=mongodb
2022-10-19T08:29:03.943+0000 E QUERY    [js] Error: Authentication failed. :
connect@src/mongo/shell/mongo.js:356:17
@(connect):2:6
exception: connect failed

When specifying --authenticationDatabase it connects successfully:

# mongo -u m103-admin -p m103-pass --authenticationDatabase test
MongoDB shell version v4.0.28
connecting to: mongodb://127.0.0.1:27017/?authSource=test&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("ea653259-af7e-4b68-90d4-9c7d873172c3") }
MongoDB server version: 4.0.28
Server has startup warnings: 
2022-10-19T08:26:16.272+0000 I CONTROL  [initandlisten] 
2022-10-19T08:26:16.272+0000 I CONTROL  [initandlisten] ** WARNING: Access control is not enabled for the database.
2022-10-19T08:26:16.272+0000 I CONTROL  [initandlisten] **          Read and write access to data and configuration is unrestricted.
2022-10-19T08:26:16.272+0000 I CONTROL  [initandlisten] ** WARNING: You are running this process as the root user, which is not recommended.
2022-10-19T08:26:16.272+0000 I CONTROL  [initandlisten] 
2022-10-19T08:26:16.272+0000 I CONTROL  [initandlisten] 
2022-10-19T08:26:16.272+0000 I CONTROL  [initandlisten] ** WARNING: /sys/kernel/mm/transparent_hugepage/enabled is 'always'.
2022-10-19T08:26:16.272+0000 I CONTROL  [initandlisten] **        We suggest setting it to 'never'
2022-10-19T08:26:16.272+0000 I CONTROL  [initandlisten] 
2022-10-19T08:26:16.272+0000 I CONTROL  [initandlisten] ** WARNING: soft rlimits too low. rlimits set to 2938 processes, 65000 files. Number of processes should be at least 32500 : 0.5 times number of files.
2022-10-19T08:26:16.272+0000 I CONTROL  [initandlisten] 
MongoDB Enterprise M040:PRIMARY> show dbs
admin   0.000GB
config  0.000GB
local   0.001GB
m040    0.000GB
sensor  0.000GB
test    0.000GB
MongoDB Enterprise M040:PRIMARY> use test
switched to db test
MongoDB Enterprise M040:PRIMARY> db.products.find()
{ "_id" : ObjectId("634fb50b6a043adc6352fde2"), "x" : 1 }
MongoDB Enterprise M040:PRIMARY> exit
bye

Please also review the documentation about authentication options:

I hope you find this helpful.

5 Likes
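The two "connecting to:" lines in the answer above differ only in authSource, which is what decides where the credentials are checked. The following is an added example, not part of the original thread or MongoDB's own code: a small Node.js helper (the name resolveAuthDatabase is hypothetical) that applies the documented connection-string precedence for username/password (SCRAM) authentication: authSource first, then the database in the URI path, then admin.

```javascript
// Added example (not from the thread): work out which database a MongoDB
// connection string authenticates against. Assumes username/password (SCRAM)
// authentication; resolveAuthDatabase is a hypothetical helper name.
function resolveAuthDatabase(uri) {
  // scheme :// [userinfo@] host[,host...] [/defaultauthdb] [?options]
  const m = /^mongodb(?:\+srv)?:\/\/(?:([^@\/?]*)@)?([^\/?]+)(?:\/([^?]*))?(?:\?(.*))?$/.exec(uri);
  if (!m) throw new Error("not a MongoDB connection string");
  const [, , , path, query] = m;

  // Option names are case-insensitive, so compare lowercased keys.
  let authSource = null;
  for (const [key, value] of new URLSearchParams(query || "")) {
    if (key.toLowerCase() === "authsource") authSource = value;
  }
  // Database named in the URI path, if any (the "defaultauthdb").
  const defaultAuthDb = path ? decodeURIComponent(path) : "";

  // Precedence: explicit authSource, then the URI path database, then admin.
  if (authSource) return { database: authSource, from: "authSource option" };
  if (defaultAuthDb) return { database: defaultAuthDb, from: "database in URI path" };
  return { database: "admin", from: "default" };
}

const samples = [
  // Copied from the failed login in the answer above.
  "mongodb://127.0.0.1:27017/?gssapiServiceName=mongodb",
  // Copied from the successful login in the answer above.
  "mongodb://127.0.0.1:27017/?authSource=test&gssapiServiceName=mongodb",
  // Constructed: database in the path, no authSource.
  "mongodb://127.0.0.1:27017/test",
  // Constructed: replica-set host list, authSource overrides the path.
  "mongodb://h1.example:27017,h2.example:27017/test?AUTHSOURCE=admin",
];

for (const uri of samples) {
  const { database, from } = resolveAuthDatabase(uri);
  console.log(`${uri}\n  -> authenticates against "${database}" (${from})`);
}
```

A user created with `use test` exists only in test, so any connection string that resolves to admin will fail authentication for that user, as in the first login attempt above.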

@Mohamed_Elshafey This is very helpful. One more question in turn: is there any specific case when I compulsorily have to create a role for the admin database?
