Thought leadership from the most innovative tech companies, all in one place.

How to Add Roles to Existing User in MongoDB

By Tek Loon on 2021-01-12

image

Scenario

Imagine you're a DevOps engineer and you are responsible to grant access to the database, which could be known as Database Administrator as well.

However, it's a new year and your company management decided to promote some of the potential team members to become the team leaders. 🎉🎉🎉

As you all known:

With great responsibility comes great power. — Mark Manson

The management informs you to update their database privileges as they previously offered read-only access to the database. If you're interested in how to create a read-only role for MongoDB, please read the post here. The management has asked you to grant them to write access too to all the databases since they're the team leader now.

Let's call them, “devA” and “devB”. In the next section, we would show the step-by-step guide on how to grant the read & write access to both users.

Step-by-Step Guide

Before we go into the detailed step on how to grant extra roles to the existing users. Here is the short and concise version of the steps.

  1. List all users in the admin database (If all your user is created inside admin database).

  2. Select the ‘user' field with a matching values of “devA” and “devB”.

  3. Use grantRolesToUser() function to give devA and devB users with the built-in role - readWriteAnyDatabase.

Step 1. List all users in the admin database

image

Step 2. Find the ‘user' field value

Look at the field name called user and found the value as we would need this in the next step. Refer to the example below:

[
  {
	  "_id" : "admin.devA",
	  "userId" : UUID("3195e205-704f-47ad-8869-d4c6add1d8ad"),
	  "user": "devA", # This is the value that we need in the next step
	  "db" : "admin",
	  "roles" : [
		  {
			  "role" : "read",
			  "db" : "client"
		  }
	  ],
	  "mechanisms" : [
		  "SCRAM-SHA-1",
		  "SCRAM-SHA-256"
	  ]
  }
]

Step 3. Use grantRolesToUser function to grant read & write roles

With the simple command below, you will be able to allow both users have read & write access to all the databases except local & config.

use admin;
db.grantRolesToUser('devA', ['readWriteAnyDatabase']);
db.grantRolesToUser('devB', ['readWriteAnyDatabase']);

However, if you would like to only give read & write access to a specific database. For e.g, you would like to give read & write access to the client database only. You can do it via the below code.

use admin;
db.grantRolesToUser('devB', [{ role: 'readWrite', db: 'client' }]);

Conclusion

In short, this post discussed:

  • How to add more roles to the existing users without creating a new one in MongoDB

  • How to add read & write access to all the databases to an existing user.

  • How to add read & write access to a single database only to an existing user.

Thank you for reading and see you in the next article.

References

  • MongoDB grantRolesToUser Manual

  • MongoDB Built-In Roles Manual


LinkedIn logo for sharing a link
Twitter logo for sharing a linkReddit logo for sharing a link


Continue Learning

Parsing post data 3 different ways in Node.js without third-party libraries

application/json, application/x-www-form-urlencoded, and multipart/form-data

How to Talk to a RabbitMQ Instance with Node.js and TypeScript

RabbitMQ, Node.js, and TypeScript all together

RSA Encryption in Node.js with Code Samples

A guide on RSA Encryption in Node.js with code samples.

Read/Write Excel File in Node.js using XLSX

How to Create Multi-Module Node.js Applications

How to Upload Files to Amazon S3 using Node.js