MongoDB — Which Authentication Database should I use when creating users

Ops and Admin
#1

In Current Mongo Instance

Following the Mongo Best Practices : Users are created in system database(Admin) rather than respective database and made admin database as authorization database

But creating users in system database (admin) works fine when tested in standalone functions when checked with code(Docker) getting exceptions

Also before creating user used the command

switch to admin

connection string used:

mongodb:// :@xxxxxxx:27017/admin

Exception Received:

Caused by: com.mongodb.MongoCommandException: Command failed with error 263 (OperationNotSupportedInTransaction): 
'Cannot run command against the 'admin' database in a transaction.' on server xxxxxxxxxxx. 
The full response is {"operationTime": {"$timestamp": {"t": 1649307185, "i": 1}}, "ok": 0.0, "errmsg": "Cannot run command against the 'admin' database in a transaction.", 
"code": 263, "codeName": "OperationNotSupportedInTransaction", "$clusterTime": {"clusterTime": {"$timestamp": {"t": 1649307185, "i": 1}}, 
"signature": {"hash": {"$binary": {"base64": "AAAAAAAAAAAAAAAAAAAAAAAAAAA=", "subType": "00"}}, "keyId": 0}}}
#3

Hello @Arunkumar_s
Welcome to the Community Forum!!

It would be helpful if you could let us know the MongoDB version which you are using.
Also, from MongoDB 4.4, the following operations have been restricted in the transactions.

Please help us with the above version so that we could help you more.

Thanks
Aasawari

#4

Hi @Aasawari ,
Thanks for the reply!

Yes I am using Mongo 4.4 version and I trying simple ‘Insert’ .

#5

Hello @Arunkumar_s

Can you please help me with the create with the insert command that you are trying to use for the scenario?

Thanks
Aasawari

#6

Thanks Actaully this insert I am trying “Insert” from Java code.
From Java code when ran as standalone function I am getting no error. But run from code I am getting that exception.

public class DocDBDAOUtil {

@Autowired
MongoTemplate mongoTemplate;

@Transactional(rollbackFor = NullPointerException.class)
public void upsertSourceEntity(SourceEntity sourceEntity){

try{
log.info(“Starting upsertSourceEntity:: " + sourceEntity.getId());
Query query = new Query();
query.addCriteria(Criteria.where(”_id").is(sourceEntity.getId()));

Document doc = new Document();
mongoTemplate.getConverter().write(sourceEntity, doc);
Update update = Update.fromDocument(doc);
log.info("upsertSourceEntity :: " + sourceEntity.getId());
mongoTemplate.upsert(query, update, SourceEntity.class);

}catch (Exception e){
e.printStackTrace();
throw new NullPointerException(“Transeient Exception”);
}
}

}

#7

Hi @Arunkumar_s

Can you please let us know if the change in connection string from

to

mongodb://@xxxxxxxxx:27017/test?authSource=admin

This new URI will connect to test database while the other was connecting to the admin database.
The database names, admin, config and local are reserved to MongoDB internal usage and therefore we strongly recommend not to use the reserved database names.

However, since users are created in admin database and the new URI includes authSource=admin option. Please refer to the documentation here for authSource.

Let us know if you have any more queries regarding the same.

Thanks
Aasawari

#8

Hi Mam,
Many thanks for your reply. I understand that admin , config and local are reserved to MongoDB.
I am a beginner in Mongo.

My general doubt is which is the database we should actaully create users when we configure Mongo instance.

Some posts suggests that we should keep all users in one place(admin) so that there wont be any user creations happens in future somewhere new database is configured inside the same Mongo Instance.

Some posts suggests that we should create user in the respective database which we are creating .

Can you please clarify me on this
Best practice to create new users when Mongo db instance is configured first time.

#9

Hi @Arunkumar_s

The best practice is to use admin database but however you can also create users in specific databases if your use case needs it.
Please refer to the documentation here: Users

Thanks
Aasawari

#10

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.