Database users in MongoDB

Owned by Felix Schenkendorf
Last updated: 04.03.24 by Dominik Karch
6 min read

By default there is only 1 user created during the installation process of BVQ (default name: bvq, role: root). You can modify the user & password in the repository installer within the DB access screen.

This user afterwards is used by the BVQ services & UIs to connect to the database. Whenever you change the password of the user remeber to change it in the other BVQ modules (GUI DB connection profile, etc.)

Connect to MongoDB with mongo CLI

  1. Establish a connection to MongoDB

    mongosh -u bvq -p P@ssw0rd

    (default location of binaries = C:\Program Files\SVA\BVQ\bvq-mongodb\bin, put in PATH variable to access from outside the directory
    change username -u and password -p to your credentials)

Change the password of an existing user

  1. Establish a connection to MongoDB via mongo CLI (see Connect to MongoDB with mongo CLI)

  2. The user information is configured globally for the entire MongoDB within the admin DB, so you have to switch to this DB.
    List existing dbs with show dbs command

    PS C:\Users\XXX> mongo --authenticationDatabase admin -u bvq -p P@ssw0rd
MongoDB shell version v3.4.4
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 3.4.4
> show dbs
admin       0.000GB
bvq         0.401GB
local       0.000GB

  3. Switch to admin db with use admin

    > use admin
switched to db admin

  4. Use db.changeUserPassword() to change the password for the user logged in (see https://docs.mongodb.com/v3.4/reference/method/db.changeUserPassword/)

    db.changeUserPassword("bvq", "NEW_PASSWORD")

    In this example password is changed to NEW_PASSWORD for user bvq

  5. After executing this command the password will be changed

    PS C:\Users\XXX> mongo --authenticationDatabase admin -u bvq -p P@ssw0rd
MongoDB shell version v3.4.4
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 3.4.4
2017-12-05T18:50:07.771+0100 E QUERY    [thread1] Error: Authentication failed. :
DB.prototype._authOrThrow@src/mongo/shell/db.js:1459:20
@(auth):6:1
@(auth):1:2
exception: login failed
PS C:\Users\fschenke> mongo --authenticationDatabase admin -u bvq -p NEW_PASSWORD
MongoDB shell version v3.4.4
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 3.4.4
> exit
bye
PS C:\Users\XXX>

List existing users

  1. Establish a connection to MongoDB via mongo CLI (see Connect to MongoDB with mongo CLI)

  2. Switch to admin db with use admin

    > use admin
switched to db admin

  3. Use db.getUsers() to list existing users (see https://docs.mongodb.com/v3.4/reference/method/db.getUsers/)

    > db.getUsers()
[
        {
                "_id" : "admin.bvq",
                "user" : "bvq",
                "db" : "admin",
                "roles" : [
                        {
                                "role" : "root",
                                "db" : "admin"
                        }
                ]
        }
]

Create a user

  1. Establish a connection to MongoDB via mongo CLI (see Connect to MongoDB with mongo CLI)

  2. Switch to admin db with use admin

  3. Use db.createUser() to create a new user (see https://docs.mongodb.com/v3.4/reference/method/db.createUser/)

    > db.createUser({user: 'TEST_USER', pwd: 'TEST_PASSWORD', customData: { name: 'NAME OF TESTUSER' }, roles: ['readWriteAnyDatabase']})
Successfully added user: {
        "user" : "TEST_USER",
        "customData" : {
                "name" : "NAME OF TESTUSER"
        },
        "roles" : [
                "readWriteAnyDatabase"
        ]
}
>

    (see https://docs.mongodb.com/v3.4/core/security-built-in-roles/ for available roles in MongoDB)


  4. List users with db.getUsers() (see List existing users)

    > db.getUsers()
[
        {
                "_id" : "admin.TEST_USER",
                "user" : "TEST_USER",
                "db" : "admin",
                "customData" : {
                        "name" : "NAME OF TESTUSER"
                },
                "roles" : [
                        {
                                "role" : "readWriteAnyDatabase",
                                "db" : "admin"
                        }
                ]
        },
        {
                "_id" : "admin.bvq",
                "user" : "bvq",
                "db" : "admin",
                "roles" : [
                        {
                                "role" : "root",
                                "db" : "admin"
                        }
                ]
        }
]
>

Remove a user

  1. Establish a connection to MongoDB via mongo CLI (see Connect to MongoDB with mongo CLI)

  2. Switch to admin db with use admin

  3. Use db.dropUser() to delete an existing user (see https://docs.mongodb.com/v3.4/reference/method/db.dropUser/)

    > db.dropUser('TEST_USER')
true
>

  4. List users with db.getUsers() (see List existing users)

    > db.getUsers()
[
        {
                "_id" : "admin.bvq",
                "user" : "bvq",
                "db" : "admin",
                "roles" : [
                        {
                                "role" : "root",
                                "db" : "admin"
                        }
                ]
        }
]
>

    User TEST_USER was deleted successfully (user was created in Create an additional user)