Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-3199

Restrict user creation to admin only

    • Type: Icon: New Feature New Feature
    • Resolution: Duplicate
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: 1.8.1
    • Component/s: Security
    • None

      Feature:
      Restrict the creation of users to the admin only.

      Use Case:

      /* User can be added to DB test*/
      > use test
      switched to db test
      > db.addUser("thetest","xxx");
      {
      "_id" : ObjectId("4dd0a3aa7f39df02fe90fba7"),
      "user" : "thetest",
      "readOnly" : false,
      "pwd" : "6acce88bf52666bb832d0d51d5b4e94a"
      }

      /* User can be auth'ed and create data */
      > db.auth("thetest","xxx");
      1
      > db.foobar.save(

      {1:2}

      );
      > db.foobar.find();

      { "_id" : ObjectId("4debd8a54f5c3a55b982b97c"), "1" : 2 }

      /* This new user can now add another user in the test database - this should be prevented since they are not auth'ed to the admin database */
      > db.addUser("thetest2","boohoo");
      {
      "user" : "thetest2",
      "readOnly" : false,
      "pwd" : "0d2b4b28061638251db69fb85b32ee79"
      }

            Assignee:
            spencer@mongodb.com Spencer Brody (Inactive)
            Reporter:
            alvin Alvin Richards (Inactive)
            Votes:
            2 Vote for this issue
            Watchers:
            7 Start watching this issue

              Created:
              Updated:
              Resolved: