How to create a user that does not have the possibility to delete the Mongo DB?

0

I have created this type of user, but with it I can do everything. When doing:

What I do:

use database
db.logout()   // to make sure I am not logged in as any user

db.auth("restrictedUser", "password")   // log in as the user without privileges


db.getUser("restrictedUser", { showPrivileges: true})
  {
        "_id" : "beatsapp.restrictedUser",
        "user" : "restrictedUser",
        "db" : "beatsapp",
        "roles" : [ ],
        "inheritedRoles" : [ ],
        "inheritedPrivileges" : [ ],
        "inheritedAuthenticationRestrictions" : [ ]
    }
  

but I can create and delete

db.createCollection("test");
db.test.drop();
    
asked by Juan Pablo Hernandez Guzman 17.04.2018 at 02:06

1 answer

1

When you create the user with db.createUser(user, writeConcern), you can define the role that you will assign to it. In the syntax of the method, user is the document that defines the user and has the following form:

{
  user: "<name>",
  pwd: "<cleartext password>",
  customData: { <any information> },
  roles: [
    { role: "<role>", db: "<database>" } | "<role>",
    ...
  ],
  authenticationRestrictions: [
     {
       clientSource: ["<IP>" | "<CIDR range>", ...],
       serverAddress: ["<IP>" | "<CIDR range>", ...]
     },
     ...
  ]
}

where the roles field (an array) holds the roles granted to the user. These are the available roles; however, you can also define your own roles.

In your case, it would be, for example:

{
  user: "restrictedUser",
  pwd: "password",
  customData: { <any information> },
  roles: [ { role: "read", db: "beatsapp" } ],  // read-only role scoped to the beatsapp database
  authenticationRestrictions: [
     {
       clientSource: ["<IP>" | "<CIDR range>", ...],
       serverAddress: ["<IP>" | "<CIDR range>", ...]
     },
     ...
  ]
}
    
answered by 17.04.2018 at 03:04
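
An added example, not part of the original answer: the built-in readWrite role includes dropCollection, so a user who may write but must not drop anything needs a custom role such as the one below. The role name writeNoDrop and the helper functions are hypothetical, the user is assumed not to exist yet, and roles are only enforced when mongod runs with access control enabled (security.authorization: enabled, or --auth).

```javascript
// Added example for mongosh (the helper functions also run under plain Node).
// Hypothetical names: writeNoDrop, buildNoDropRole, buildUser, destructiveActions.

// Actions that remove collections, indexes or the whole database.
const DESTRUCTIVE = ["dropCollection", "dropDatabase", "dropIndex"];

// Custom role: read and write documents, create collections and indexes,
// but none of the drop actions. The "remove" action deletes documents only.
function buildNoDropRole(dbName) {
  return {
    role: "writeNoDrop",
    privileges: [{
      resource: { db: dbName, collection: "" }, // "" = every collection in dbName
      actions: ["find", "insert", "update", "remove",
                "createCollection", "createIndex",
                "listCollections", "listIndexes"]
    }],
    roles: [] // inherit nothing, so no built-in role can add drop actions
  };
}

// User document in the form db.createUser() expects.
function buildUser(name, pwd, dbName) {
  return { user: name, pwd: pwd, roles: [{ role: "writeNoDrop", db: dbName }] };
}

// Return the destructive actions granted by a privileges array, for example
// the inheritedPrivileges field of db.getUser(name, { showPrivileges: true }).
function destructiveActions(privileges) {
  const found = new Set();
  for (const p of privileges)
    for (const a of p.actions)
      if (DESTRUCTIVE.includes(a)) found.add(a);
  return [...found].sort();
}

// Inside mongosh `db` exists: create the role and the user, then audit them.
if (typeof db !== "undefined") {
  const app = db.getSiblingDB("beatsapp");
  app.createRole(buildNoDropRole("beatsapp"));
  app.createUser(buildUser("restrictedUser", passwordPrompt(), "beatsapp"));
  const info = app.getUser("restrictedUser", { showPrivileges: true });
  print(destructiveActions(info.inheritedPrivileges)); // no entries expected
}
```

If the audit prints nothing and the user can still drop a collection, the server is not enforcing access control at all.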