- Reference >
mongo
Shell Methods >- Database Methods >
- db.addUser()
db.addUser()¶
On this page
Deprecated since version 2.6: Use db.createUser()
and db.updateUser()
instead
of db.addUser()
to add users to MongoDB.
In 2.6, MongoDB introduced a new model for user
credentials and privileges, as described in
Security Introduction. To use db.addUser()
on MongoDB
2.4, see db.addUser() in the version 2.4 of the MongoDB Manual.
Definition¶
-
db.
addUser
(document)¶ Adds a new user on the database where you run the method. The
db.addUser()
method takes a user document as its argument:Specify a document that resembles the following as an argument to
db.addUser()
:The
db.addUser()
user document has the following fields:Field Type Description pwd
string The user’s password. The pwd
field is not required if you rundb.addUser()
on the$external
database to create users who have credentials stored externally to MongoDB.customData
document Optional. Any arbitrary information. This field can be used to store any data an admin wishes to associate with this particular user. For example, this could be the user’s full name or employee id. roles
array The roles granted to the user. Can specify an empty array []
to create users without roles.writeConcern
document Optional. The level of write concern for the creation operation. The writeConcern
document takes the same fields as thegetLastError
command.user
string The name of the new user. Users created on the
$external
database should have credentials stored externally to MongoDB, as, for example, with MongoDB Enterprise installations that use Kerberos.In the
roles
field, you can specify both built-in roles and user-defined role.To specify a role that exists in the same database where
db.addUser()
runs, you can either specify the role with the name of the role:Or you can specify the role with a document, as in:
To specify a role that exists in a different database, specify the role with a document.
Considerations¶
The db.addUser()
method returns a duplicate user error if
the user exists.
When interacting with 2.6 and later MongoDB instances,
db.addUser()
sends unencrypted passwords. To encrypt
the password in transit use SSL.
In the 2.6 version of the shell, db.addUser()
is backwards
compatible with both the 2.4 version of db.addUser() and the 2.2 version of db.addUser(). In 2.6, for backwards compatibility
db.addUser()
creates users that approximate the privileges
available in previous versions of MongoDB.
Example¶
The following db.addUser()
method creates a user Carlos
on the
database where the command runs. The command gives Carlos
the
clusterAdmin
and readAnyDatabase
roles on the admin
database
and the readWrite
role on the current database: