
Creating users and roles in MongoDB - Visual Walkthrough

Concept Flow - Creating users and roles
Start → Define Role → Create Role with Privileges → Define User → Create User with Roles → User Can Access Resources → End
First, define roles with specific permissions, then create users and assign these roles to control access.
Execution Sample
MongoDB
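// Custom role: find and insert on every collection in the "reports" database.
db.createRole({
  role: "readWriteReports",
  // collection: "" applies the privilege to all collections in the database
  privileges: [{ resource: { db: "reports", collection: "" }, actions: ["find", "insert"] }],
  roles: [] // no inherited roles
});

// User whose only permissions come from the role above.
db.createUser({
  user: "reportUser",
  pwd: "password123", // sample value only; passwordPrompt() keeps the password out of the script
  roles: ["readWriteReports"]
});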
This code creates a role that allows the 'find' and 'insert' actions on every collection in the 'reports' database, then creates a user assigned to that role.
Execution Table
| Step | Action | Input | Result | Notes |
|---|---|---|---|---|
| 1 | Define Role | { role: "readWriteReports", privileges: [{ resource: { db: "reports", collection: "" }, actions: ["find", "insert"] }], roles: [] } | Role 'readWriteReports' created | Role has find and insert privileges on 'reports' DB |
| 2 | Create User | { user: "reportUser", pwd: "password123", roles: ["readWriteReports"] } | User 'reportUser' created with role 'readWriteReports' | User can perform find and insert on 'reports' DB |
| 3 | User Access | User 'reportUser' tries to insert document in 'reports' collection | Success | User has insert privilege via role |
| 4 | User Access | User 'reportUser' tries to delete document in 'reports' collection | Failure | Delete not allowed by role privileges |
| 5 | End | - | - | Execution stops after user creation and role assignment |
💡 User creation and role assignment complete; user permissions enforced by assigned role
Variable Tracker
| Variable | Start | After Step 1 | After Step 2 | Final |
|---|---|---|---|---|
| role | undefined | { name: "readWriteReports", privileges: [find, insert], roles: [] } | { name: "readWriteReports", privileges: [find, insert], roles: [] } | { name: "readWriteReports", privileges: [find, insert], roles: [] } |
| user | undefined | undefined | { name: "reportUser", pwd: "password123", roles: ["readWriteReports"] } | { name: "reportUser", pwd: "password123", roles: ["readWriteReports"] } |
Key Moments - 3 Insights
Why can't the user delete documents even though they can insert and find?
Because the role 'readWriteReports' only includes 'find' and 'insert' actions, not 'delete'. See execution_table row 4 where delete fails.
Can a role include other roles?
Yes, roles can inherit privileges from other roles by listing them in the 'roles' array. Here, the role has an empty 'roles' array (execution_table row 1).
What happens if you create a user without assigning any roles?
The user will have no permissions and cannot access any database resources. This is not shown here but is important to remember.
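The access decisions from the execution table and the three key moments above, reproduced as a simplified JavaScript model (an added example, not code from the original page and not MongoDB's implementation); in MongoDB the privilege action for deleting documents is named `remove`. The `reportsCleaner` role, the `drafts` collection, and the `cleanerUser` and `noRoleUser` users are hypothetical, and the model treats role names as global and ignores system collections and cluster resources.

```javascript
// Simplified model of MongoDB role resolution (added example; not MongoDB's own code).
// Role documents use the same shape as the db.createRole() call on this page.
const roles = {
  readWriteReports: {
    privileges: [{ resource: { db: "reports", collection: "" }, actions: ["find", "insert"] }],
    roles: []
  },
  // Hypothetical second role: inherits readWriteReports and adds "remove" on one collection.
  reportsCleaner: {
    privileges: [{ resource: { db: "reports", collection: "drafts" }, actions: ["remove"] }],
    roles: ["readWriteReports"]
  }
};

// Constructed users; "noRoleUser" illustrates a user created with an empty roles array.
const users = {
  reportUser: ["readWriteReports"],
  cleanerUser: ["reportsCleaner"],
  noRoleUser: []
};

// Collect privileges from each role and every role it inherits (cycle-safe).
function effectivePrivileges(roleNames, seen = new Set()) {
  const out = [];
  for (const name of roleNames) {
    if (seen.has(name) || !roles[name]) continue; // skip repeats and unknown roles
    seen.add(name);
    out.push(...roles[name].privileges);
    out.push(...effectivePrivileges(roles[name].roles, seen));
  }
  return out;
}

// An empty db or collection string in a resource document matches any db or collection.
function matches(resource, db, collection) {
  return (resource.db === "" || resource.db === db) &&
         (resource.collection === "" || resource.collection === collection);
}

// Default deny: allowed only if some effective privilege grants the action on the resource.
function isAuthorized(user, action, db, collection) {
  return effectivePrivileges(users[user] || []).some(
    (p) => matches(p.resource, db, collection) && p.actions.includes(action)
  );
}
```

`isAuthorized("reportUser", "remove", "reports", "reports")` is the step 4 failure: no privilege held by the user lists that action, so the default is deny.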
Visual Quiz - 3 Questions
Test your understanding
Look at the execution_table at step 3. What action does the user 'reportUser' successfully perform?
A. Insert a document in 'reports' collection
B. Delete a document in 'reports' collection
C. Update a document in 'reports' collection
D. Drop the 'reports' database
💡 Hint
Check the 'Result' column at step 3 in the execution_table.
At which step does the role 'readWriteReports' get created?
A. Step 2
B. Step 3
C. Step 1
D. Step 4
💡 Hint
Look at the 'Action' column in the execution_table for role creation.
If the role included 'delete' in privileges, what would change in the execution_table?
A. Step 3 would fail
B. Step 4 would show 'Success' for delete action
C. User creation would fail
D. Role creation would fail
💡 Hint
Refer to step 4 where delete currently fails due to missing privilege.
Concept Snapshot
Creating users and roles in MongoDB:
- Use db.createRole() to define roles with specific privileges.
- Privileges specify actions allowed on resources (databases/collections).
- Use db.createUser() to create users and assign roles.
- Users inherit permissions from assigned roles.
- Roles can include other roles for privilege inheritance.
Full Transcript
In MongoDB, you first create roles that define what actions are allowed on which databases or collections. For example, a role can allow reading and inserting documents in a specific database. Then, you create users and assign these roles to them. The user can then perform only the actions allowed by their roles. The execution table shows step-by-step how a role is created, then a user is created with that role, and how the user can perform allowed actions but not disallowed ones. Variables track the role and user objects as they are created. Key moments clarify common confusions like why a user cannot delete documents if the role does not allow it. The quiz tests understanding of these steps and permissions.