How To

  1. User dengan akses Read-Only ke semua database
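// Create an account that can read every database but change nothing.
// The readAnyDatabase role is scoped to "admin", so the user is created in
// (and must authenticate against) the admin database.
use admin
db.createUser({
  user: "readOnlyUser",
  // passwordPrompt() asks for the password interactively, so no cleartext
  // sample password ends up in a script, a paste buffer, or production.
  pwd: passwordPrompt(),
  roles: [{ role: "readAnyDatabase", db: "admin" }]
})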
  1. User dengan akses Superuser/Root
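// Create a superuser. "root" is the broadest built-in role, so keep this
// account for administration only and do not put it in application
// connection strings; give applications one of the narrower roles instead.
use admin
db.createUser({
  user: "superUser",
  // Prompt for the password instead of embedding a guessable literal.
  pwd: passwordPrompt(),
  roles: [{ role: "root", db: "admin" }]
})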
  1. User dengan akses Read-Only ke satu database
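// Create an account that can only read a single database.
// The user is created in yourDatabase, which makes yourDatabase its
// authentication database: later dropUser()/updateUser() calls for this
// account must also be run after `use yourDatabase`.
use yourDatabase
db.createUser({
  user: "readOnlyOneDbUser",
  // Prompt for the password instead of embedding a guessable literal.
  pwd: passwordPrompt(),
  roles: [{ role: "read", db: "yourDatabase" }]
})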
  1. User dengan akses Read-Write ke satu database
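// Create an account that can read and write a single database.
// The user is created in yourDatabase, which makes yourDatabase its
// authentication database: later dropUser()/updateUser() calls for this
// account must also be run after `use yourDatabase`.
use yourDatabase
db.createUser({
  user: "readWriteUser",
  // Prompt for the password instead of embedding a guessable literal.
  pwd: passwordPrompt(),
  roles: [{ role: "readWrite", db: "yourDatabase" }]
})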
  1. Drop/hapus user
// Remove an account. dropUser() acts on the current database, so switch to
// the database the user was created in: `admin` for the admin-scoped users
// above, `yourDatabase` for the single-database users.
use admin
db.dropUser("username")
  1. Ganti password
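// Change a user's password. updateUser() looks the user up in the current
// database, so `use` the database the account was created in (admin here).
use admin
db.updateUser("username", {
  // Prompt for the new password rather than typing it as a literal.
  pwd: passwordPrompt()
})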
  1. Mengganti privileges user
// Change a user's privileges. The `roles` array passed to updateUser()
// replaces the user's existing roles completely; it is not merged. List
// every role the account should keep, or use db.grantRolesToUser() /
// db.revokeRolesFromUser() for incremental changes.
// Run this in the database the user was created in (admin here).
use admin
db.updateUser("username", {
  roles: [{ role: "read", db: "admin" }]
})
  1. Membatasi akses user ke collection tertentu saja
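// Goal: limit an account to the "users" and "assets" collections only.
// Comments must use "//": mongosh evaluates JavaScript, so a line starting
// with "#" is a syntax error when pasted.
use database_yg_mau_dibatasi
db.createRole({
  role: "specificCollectionsSajo",
  privileges: [
    {
      resource: { db: "database_yg_mau_dibatasi", collection: "users" },
      // Write actions only: "find" is not listed, so this role grants no
      // read access to the collection. Add "find" if reads are intended.
      actions: ["insert", "update", "remove"]
    },
    {
      resource: { db: "database_yg_mau_dibatasi", collection: "assets" },
      // Same write-only action set as for "users".
      actions: ["insert", "update", "remove"]
    }
  ],
  // No inherited roles: the role carries only the privileges listed above.
  roles: []
})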

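// Create the user that receives the collection-scoped custom role.
// Run this in the same session, while database_yg_mau_dibatasi is still the
// current database, so the user and the role live in the same database.
db.createUser({
  user: "xxx",
  // Prompt for the password instead of embedding it in the command.
  pwd: passwordPrompt(),
  roles: [
    {
      role: "specificCollectionsSajo",
      db: "database_yg_mau_dibatasi"
    }
  ]
})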

Catatan:

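  1. Di MongoDB, pembatasan akses berdasarkan IP umumnya diatur di level jaringan: lewat `net.bindIp` di mongod.conf (alamat tempat mongod menerima koneksi) atau lewat aturan firewall. Untuk pembatasan per user, `db.createUser()` dan `db.updateUser()` juga menerima field `authenticationRestrictions` (dengan `clientSource`) sejak MongoDB 3.6.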