- create mongodb user
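// Create the administrative account in the admin database.
// Run this before authorization is enabled in mongod.conf, or while
// authenticated as an existing user administrator.
use admin
db.createUser({
  user: "vmadmin",
  // passwordPrompt() reads the password interactively, so it is not stored in
  // these notes or in the shell history. Use a strong password that is unique
  // to this account.
  pwd: passwordPrompt(),
  // These three roles apply to every database: user management, database
  // administration and read/write. They do not include the built-in
  // clusterAdmin or root roles.
  roles: [
    "userAdminAnyDatabase",
    "dbAdminAnyDatabase",
    "readWriteAnyDatabase"
  ]
})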
- create friggapp user
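// Create the application account. It is defined in the frigg database, so
// clients must authenticate with authSource=frigg.
use frigg
db.createUser({
  user: "friggapp",
  // Prompt for the password instead of embedding it. Each account should have
  // its own strong password rather than sharing one value.
  pwd: passwordPrompt(),
  // Least privilege: read/write on the frigg database only.
  roles: [{ role: "readWrite", db: "frigg" }]
})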
- create originalFormReadOnly role
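// Define a custom role that can only run find on frigg.originalForm.
use frigg
db.createRole({
  role: "originalFormReadOnly",
  privileges: [
    {
      // A resource document names a namespace with db and collection only.
      // The original notes also carried `role: "read"` here, which is not part
      // of the resource schema and has been dropped.
      resource: { db: "frigg", collection: "originalForm" },
      // find is the only action granted: no insert, update or remove.
      actions: ["find"]
    }
  ],
  // No inherited roles. The privilege above is everything this role can do.
  roles: []
})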
- create friggrep user
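// Create the reporting account. Its only role is the custom
// originalFormReadOnly role, so that role must already exist in frigg.
use frigg
db.createUser({
  user: "friggrep",
  // Prompt for the password instead of embedding it. Do not reuse the password
  // of the application or admin accounts.
  pwd: passwordPrompt(),
  roles: [
    { role: "originalFormReadOnly", db: "frigg" }
  ]
})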
- check for users and roles
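// Review what was created in the frigg database.
use frigg
// Lists the users defined in frigg together with their assigned roles.
db.getUsers()
// showPrivileges includes each role's resource/actions list, so the custom
// role can be checked to grant only find on originalForm.
db.getRoles({ showPrivileges: true })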
- Important: enable access control in the mongod configuration file: /etc/mongod.conf
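# Enforce authentication and role-based access control.
# authorization must be nested (indented) under security for mongod to apply it.
# Restart mongod after editing so the setting takes effect.
security:
  authorization: enabled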
- Authenticate frigg database
# Log in as friggapp against the frigg authentication database.
# --password is given without a value, so mongosh prompts for it and the secret
# stays out of the shell history and the process list.
mongosh --username friggapp --password --authenticationDatabase frigg
- Mongodb aggregation framework - create originalForm view
// Pipeline that joins each document in `data` with its referenced systemUsers,
// userGroups and types documents, then replaces the reference fields with the
// looked-up user / group / type values.
//
// NOTE(review): aggregate() only returns the joined documents and persists
// nothing. To store this as the originalForm view named in the heading, pass
// the same pipeline to db.createView("originalForm", "data", originalFormPipeline).
// A user whose role grants only find on that view then needs no privileges on
// the underlying collections.
const originalFormPipeline = [
  // Resolve the three references by _id.
  {
    $lookup: {
      from: "systemUsers",
      localField: "systemUser",
      foreignField: "_id",
      as: "systemUser"
    }
  },
  {
    $lookup: {
      from: "userGroups",
      localField: "userGroup",
      foreignField: "_id",
      as: "userGroup"
    }
  },
  {
    $lookup: {
      from: "types",
      localField: "type",
      foreignField: "_id",
      as: "type"
    }
  },
  // $lookup yields arrays, so flatten each one. Documents whose lookup matched
  // nothing are dropped by $unwind in this form.
  { $unwind: "$systemUser" },
  { $unwind: "$userGroup" },
  { $unwind: "$type" },
  // Keep only the display value from each joined document.
  {
    $set: {
      systemUser: "$systemUser.user",
      userGroup: "$userGroup.group",
      type: "$type.type"
    }
  }
]

db.data.aggregate(originalFormPipeline)
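- Frigg (friggapp). Note: the connection strings below set ssl=false, so traffic to the server, including query results, is unencrypted on the network. Enable TLS on mongod and connect with tls=true for anything beyond an isolated lab network.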
mongodb://friggapp:*****@192.168.210.64:27017/?authSource=frigg&readPreference=primary&appname=MongoDB%20Compass&directConnection=true&ssl=false
- Frigg (friggrep)
mongodb://friggrep:*****@192.168.210.64:27017/?authSource=frigg&readPreference=primary&appname=MongoDB%20Compass&directConnection=true&ssl=false
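- Admin (vmadmin: holds userAdminAnyDatabase, dbAdminAnyDatabase and readWriteAnyDatabase as created above, not the built-in root or clusterAdmin roles)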
mongodb://vmadmin:*****@192.168.210.64:27017/?authSource=admin&readPreference=primary&appname=MongoDB%20Compass&directConnection=true&ssl=false