Security Reference

Security Methods in the mongo Shell

Name Description
db.auth() Authenticates a user to a database.

User Management Methods

Name Description
db.createUser() Creates a new user.
db.addUser() Deprecated. Adds a user to a database, and allows administrators to configure the user’s privileges.
db.updateUser() Updates user data.
db.changeUserPassword() Changes an existing user’s password.
db.removeUser() Deprecated. Removes a user from a database.
db.dropAllUsers() Deletes all users associated with a database.
db.dropUser() Removes a single user.
db.grantRolesToUser() Grants a role and its privileges to a user.
db.revokeRolesFromUser() Removes a role from a user.
db.getUser() Returns information about the specified user.
db.getUsers() Returns information about all users associated with a database.

Role Management Methods

Name Description
db.createRole() Creates a role and specifies its privileges.
db.updateRole() Updates a user-defined role.
db.dropRole() Deletes a user-defined role.
db.dropAllRoles() Deletes all user-defined roles associated with a database.
db.grantPrivilegesToRole() Assigns privileges to a user-defined role.
db.revokePrivilegesFromRole() Removes the specified privileges from a user-defined role.
db.grantRolesToRole() Specifies roles from which a user-defined role inherits privileges.
db.revokeRolesFromRole() Removes a role from a user.
db.getRole() Returns information for the specified role.
db.getRoles() Returns information for all the user-defined roles in a database.

Security Reference Documentation

Built-In Roles
Reference on MongoDB provided roles and corresponding access.
system.roles Collection
Describes the content of the collection that stores user-defined roles.
system.users Collection
Describes the content of the collection that stores users’ credentials and role assignments.
Resource Document
Describes the resource document for roles.
Privilege Actions
List of the actions available for privileges.
Default MongoDB Port
List of default ports used by MongoDB.
System Event Audit Messages
Reference on system event audit messages.

Security Release Notes Alerts

Security Release Notes
Security vulnerability for password.