Authorization

Security is a paramount concern in any database system. MongoDB, a powerful NoSQL database, provides robust security features to secure your data. This article is designed to provide an easy-to-understand introduction to one of these features: Authorization.

What is Authorization?

In MongoDB, authorization is the mechanism that governs access to the database system. It controls what authenticated users can and cannot do by associating user identities with roles. Each role grants privileges that define the operations a user can perform on a MongoDB system; authentication (proving who the user is) happens first, and authorization then decides what that user may do.

Understanding MongoDB Roles

Roles grant permissions to perform various operations. MongoDB provides built-in roles that offer various levels of access over the data and commands in a MongoDB system. Some of these include:

  • read: Allows data read operations on the specified database.
  • readWrite: Allows data read and write operations on the specified database.
  • dbAdmin: Allows administrative operations on the specified database.
  • userAdmin: Allows management of user and role operations on the specified database.
  • clusterAdmin: Allows full administrative access to the cluster.

In addition to these, MongoDB allows you to create user-defined roles.

Creating a User with a Role

To create a user with a specific role, you can use the db.createUser() method. Here is an example:

use testDB
// Creates the user in the current database (testDB), which becomes
// its authentication database, and grants it readWrite on testDB.
db.createUser(
  {
    user: "myUser",
    pwd: "myUser123",
    roles: [ { role: "readWrite", db: "testDB" } ]
  }
)

In this example, a user named myUser is created with the password myUser123. Because the command runs after use testDB, the user is stored in testDB, which is its authentication database. The user is granted the readWrite role in the testDB database and nothing else.

Granting Additional Roles to a User

You can grant additional roles to a user using the db.grantRolesToUser() method. Here's how to grant the dbAdmin role to myUser:

// Adds dbAdmin on testDB to myUser's existing roles (readWrite is kept).
db.grantRolesToUser(
  "myUser",
  [ { role: "dbAdmin", db: "testDB" } ]
)

Revoking Roles from a User

You can also revoke roles from a user using the db.revokeRolesFromUser() method. Here's how to revoke the dbAdmin role from myUser:

// Removes dbAdmin on testDB from myUser; the role/db pair must match exactly.
db.revokeRolesFromUser(
  "myUser",
  [ { role: "dbAdmin", db: "testDB" } ]
)

Checking User Roles

You can check the roles assigned to a user using the db.getUser() method. It returns the user document, including a roles array of { role, db } pairs, so it is the quickest way to verify that a grant or revoke took effect. Here's how to check the roles assigned to myUser:

db.getUser("myUser")
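The output of db.getUser() is also what you would audit for least privilege. The following Node.js script is an added example, not code from the original article or from MongoDB: it checks a user document of the shape db.getUser() returns against an allow-list of expected roles per database, flagging anything extra (with higher severity for administrative roles or roles on the admin database) and anything expected but missing. The sample user document and the policy are constructed; in mongosh you could pass db.getUser("myUser") to the same function.

```javascript
// Added example: audit a MongoDB user document (the shape returned by
// db.getUser("myUser"): { user, db, roles: [{ role, db }] }) against a
// least-privilege allow-list. Runs offline; no database connection needed.

// Built-in roles that grant administrative or cluster-wide power. Holding one
// of these outside the allow-list is a high-severity finding.
const PRIVILEGED_ROLES = new Set([
  "dbAdmin", "userAdmin", "clusterAdmin", "root",
  "readWriteAnyDatabase", "userAdminAnyDatabase", "dbAdminAnyDatabase",
]);

// policy: { "<db>": ["<role>", ...] } lists the roles the user is expected to hold.
// Returns an array of findings; an empty array means the user is within policy.
function auditUserRoles(userDoc, policy) {
  const findings = [];
  for (const { role, db } of userDoc.roles) {
    const allowed = policy[db] || [];
    if (!allowed.includes(role)) {
      // Unexpected role: severity depends on how much power it grants.
      const severity = PRIVILEGED_ROLES.has(role) || db === "admin" ? "high" : "low";
      findings.push({ user: userDoc.user, role, db, severity,
                      reason: `role not in allow-list for ${db}` });
    }
  }
  // An expected role that is absent usually means a broken application account.
  for (const [db, roles] of Object.entries(policy)) {
    for (const role of roles) {
      if (!userDoc.roles.some((r) => r.role === role && r.db === db)) {
        findings.push({ user: userDoc.user, role, db, severity: "info",
                        reason: `expected role missing on ${db}` });
      }
    }
  }
  return findings;
}

// Constructed sample: what db.getUser("myUser") could return after the
// grantRolesToUser() call above (readWrite plus dbAdmin on testDB).
const sampleUser = {
  _id: "testDB.myUser", user: "myUser", db: "testDB",
  roles: [ { role: "readWrite", db: "testDB" }, { role: "dbAdmin", db: "testDB" } ],
};
// Constructed policy: the application account only needs readWrite on testDB.
const appPolicy = { testDB: ["readWrite"] };

console.log(JSON.stringify(auditUserRoles(sampleUser, appPolicy), null, 2));
```

Running it on the sample reports one high-severity finding for the extra dbAdmin role, which is what the revokeRolesFromUser() call in the previous section removes.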

Conclusion

Authorization in MongoDB is all about controlling access to your data. By understanding roles and how to assign them to users, you can effectively manage who can do what in your MongoDB system. As you progress in your MongoDB journey, you'll encounter more sophisticated ways to manage access, including role hierarchies and fine-grained access control. But for now, mastering the basics of authorization will take you a long way towards securing your MongoDB databases.