By default mongoDB access is public.
This is my note on setting up authentication, it is referred to mongoDB v 3.0.6 on Windows.
The command line parameter to start the service with authentication is:
(I’m sorry for all this space for writing two dash and a word but this shit of WordPress make it impossible in other ways)
From the same server you can connect to a database that is started with –auth but just for set up configuration (in older versions you could do more things).
You can create a user with the command db.createUser(…).
If you had just been connected you will receive an error which say you don’t have authorization.
You MUST change the current database to “admin” (use admin).
Now you can create a user, but just only one!
1) If you create a user without a password you are fucked.
2) If you create a user in the admin database you are fucked.
3) If you create a user without admin roles you are fucked.
Create that user and give it the “userAdmin” (or userAdminAnyDatabase or dbOwner).
After you have correctly created the user you must reconnect with authentication to create more user and in general to manage roles.
In the current session you cannot do nothing else.
You cannot create, update, delete user neither see users (with show users command).
To connect with authentication use the -u, -p and -authenticationDatabase parameters.
mongo localhost:27123 -u <username> -p <password> -authenticationDatabase admin
Q. Which permissison and roles are needed for execute show users command?