OPTIONS

Security Reference

Security Methods in the mongo Shell

Name Description
db.auth() Authenticates a user to a database.

User Management Methods

Name Description
db.createUser() Creates a new user.
db.addUser() Deprecated. Adds a user to a database, and allows administrators to configure the user’s privileges.
db.updateUser() Updates user data.
db.changeUserPassword() Changes an existing user’s password.
db.removeUser() Deprecated. Removes a user from a database.
db.dropAllUsers() Deletes all users associated with a database.
db.dropUser() Removes a single user.
db.grantRolesToUser() Grants a role and its privileges to a user.
db.revokeRolesFromUser() Removes a role from a user.
db.getUser() Returns information about the specified user.
db.getUsers() Returns information about all users associated with a database.

Role Management Methods

Name Description
db.createRole() Creates a role and specifies its privileges.
db.updateRole() Updates a user-defined role.
db.dropRole() Deletes a user-defined role.
db.dropAllRoles() Deletes all user-defined roles associated with a database.
db.grantPrivilegesToRole() Assigns privileges to a user-defined role.
db.revokePrivilegesFromRole() Removes the specified privileges from a user-defined role.
db.grantRolesToRole() Specifies roles from which a user-defined role inherits privileges.
db.revokeRolesFromRole() Removes a role from a user.
db.getRole() Returns information for the specified role.
db.getRoles() Returns information for all the user-defined roles in a database.

Security Commands in the mongo Shell

System Event Audit Commands

Name Description
logApplicationMessage Posts a custom message to the audit log.

User Management Commands

Name Description
createUser Creates a new user.
updateUser Updates a user’s data.
dropUser Removes a single user.
dropAllUsersFromDatabase Deletes all users associated with a database.
grantRolesToUser Grants a role and its privileges to a user.
revokeRolesFromUser Removes a role from a user.
usersInfo Returns information about the specified users.

Role Management Commands

Name Description
createRole Creates a role and specifies its privileges.
updateRole Updates a user-defined role.
dropRole Deletes the user-defined role.
dropAllRolesFromDatabase Deletes all user-defined roles from a database.
grantPrivilegesToRole Assigns privileges to a user-defined role.
revokePrivilegesFromRole Removes the specified privileges from a user-defined role.
grantRolesToRole Specifies roles from which a user-defined role inherits privileges.
revokeRolesFromRole Removes specified inherited roles from a user-defined role.
rolesInfo Returns information for the specified role or roles.
invalidateUserCache Flushes the in-memory cache of user information, including credentials and roles.

Security Reference Documentation

Built-In Roles
Reference on MongoDB provided roles and corresponding access.
system.roles Collection
Describes the content of the collection that stores user-defined roles.
system.users Collection
Describes the content of the collection that stores users’ credentials and role assignments.
Resource Document
Describes the resource document for roles.
Privilege Actions
List of the actions available for privileges.
Default MongoDB Port
List of default ports used by MongoDB.
System Event Audit Messages
Reference on system event audit messages.

Security Release Notes Alerts

Security Release Notes
Security vulnerability for password.