Master MongoDB Permissions: From Basic Users to Super Admins
This guide explains MongoDB permission levels, clarifies common misconceptions, and provides step‑by‑step commands to create ordinary, administrative, authorization, and super‑admin users, enable authentication, and verify read/write access across multiple databases.
MongoDB Permission Overview
MongoDB permissions are often misunderstood; the order of roles does not indicate increasing privilege, and only the root role has unrestricted access. Each role provides distinct capabilities.
Ordinary Users
read : Allows the user to read the specified database.
readWrite : Allows the user to read and write the specified database.
Administrative Users
dbAdmin : Enables management functions such as index creation, deletion, and viewing system.profile statistics in the specified database.
userAdmin : Allows creating, deleting, and managing users in the system.users collection.
clusterAdmin : Available only in the admin database; grants all sharding and replica‑set management privileges.
Authorization Users
readAnyDatabase : Grants read access to all databases (usable only in the admin database).
readWriteAnyDatabase : Grants read/write access to all databases (usable only in the admin database).
userWriteAnyDatabase : Grants the userAdmin role on all databases (usable only in the admin database).
dbAdminAnyDatabase : Grants the dbAdmin role on all databases (usable only in the admin database).
Super Administrator
The root role in the admin database provides unrestricted access.
Creating a Management User
After installing MongoDB, connect without a password, then create a user with the root role:
use admin
db.createUser({
user: "manage",
pwd: "123456",
roles: [{ role: "root", db: "admin" }]
})Enable authentication in mongod.conf by adding:
security:
authorization: enabled
javascriptEnabled: trueRestart MongoDB and reconnect using the new credentials:
mongo --host 192.168.31.215 --port 27018
use admin
db.auth('manage', '123456')Creating a Read/Write User
Example to create a user with the readWrite role on a specific database:
use admin
db.createUser({
user: "zhangsan",
pwd: "zhangsan",
roles: [{ role: "readWrite", db: "mongdb" }]
})Authenticate and verify the permissions by inserting a document and querying the collection.
Assigning Multiple Roles to a Single User
Example: grant user lisi read on 01db, readWrite on 02db, dbAdmin on 03db, and userAdmin on 04db:
use admin
db.auth('manage', '123456')
db.createUser({
user: "lisi",
pwd: "123456",
roles: [
{ role: "read", db: "01db" },
{ role: "readWrite", db: "02db" },
{ role: "dbAdmin", db: "03db" },
{ role: "userAdmin", db: "04db" }
]
})List all users with show users to verify the assigned roles.
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
MaGe Linux Operations
Founded in 2009, MaGe Education is a top Chinese high‑end IT training brand. Its graduates earn 12K+ RMB salaries, and the school has trained tens of thousands of students. It offers high‑pay courses in Linux cloud operations, Python full‑stack, automation, data analysis, AI, and Go high‑concurrency architecture. Thanks to quality courses and a solid reputation, it has talent partnerships with numerous internet firms.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.