1 00:00:02,670 --> 00:00:09,480 Now after all the theory, let's finally start working with some users to get a feeling for how that works, 2 00:00:09,480 --> 00:00:15,540 how we can create and edit users and most importantly, how we can then work as a user because right 3 00:00:15,540 --> 00:00:17,040 now, we always worked with 4 00:00:17,040 --> 00:00:19,200 we have all rights mode turned on, 5 00:00:19,200 --> 00:00:23,350 now we will shrink that down to be in a more realistic environment. 6 00:00:23,610 --> 00:00:31,710 Users are created by a user with sufficient permissions with the create user command. 7 00:00:31,710 --> 00:00:34,770 You then create a user with a username and a password 8 00:00:34,770 --> 00:00:38,870 and as I mentioned, this user will have a couple of roles or one role, 9 00:00:38,910 --> 00:00:44,550 so at least one role and then each role will typically contain a bunch of privileges. 10 00:00:44,610 --> 00:00:50,580 Now a user is created on a database, so a user is attached to a database. 11 00:00:50,580 --> 00:00:56,640 Now this does not actually limit the access of the user to that database even though you might think 12 00:00:56,640 --> 00:01:02,370 it does but this is the database against which the user will have to authenticate, the exact rights 13 00:01:02,370 --> 00:01:06,060 the user then has depend on the roles you assigned to that user 14 00:01:06,090 --> 00:01:12,960 and even if a user authenticates against the shop database, the user might still have the role to work 15 00:01:12,960 --> 00:01:16,300 with all databases that exist in your mongodb environment 16 00:01:16,500 --> 00:01:22,140 and whilst this sounds strange right now, it is something which will become clearer over the next lectures 17 00:01:22,320 --> 00:01:26,870 and there, you will understand why we can assign users to different databases 18 00:01:26,910 --> 00:01:29,760 if that doesn't lock down their access. 19 00:01:29,760 --> 00:01:34,610 Now of course we cannot just create users, if we ever need to we can also update users. 20 00:01:34,620 --> 00:01:39,820 Now keep in mind update user here basically means that the administrator updates the user, 21 00:01:39,930 --> 00:01:44,750 so of course you can use that to for example change the password but you should then tell your user 22 00:01:44,750 --> 00:01:45,630 too. 23 00:01:46,260 --> 00:01:49,530 So this is how we create and edit users, 24 00:01:49,560 --> 00:01:56,730 now let's see that in practice. To see that in practice, let's bring up our mongo server again with the 25 00:01:56,730 --> 00:01:58,470 same command we used in the past 26 00:01:58,620 --> 00:02:07,590 but now I will add --auth here and --auth simply means that now you need to authenticate 27 00:02:07,710 --> 00:02:09,960 in order to work with that database. 28 00:02:09,960 --> 00:02:15,440 Previously we did not have that setting and that meant that everyone who connects is allowed to do everything, 29 00:02:15,600 --> 00:02:16,970 well now this ends, 30 00:02:17,070 --> 00:02:22,940 now if we start a server with that, we have a server that will require users to authenticate. 31 00:02:22,950 --> 00:02:29,160 Now with that server up and running, I switch to a new terminal window and now if I type mongo, you might 32 00:02:29,160 --> 00:02:35,250 have expected that this fails but actually we're still able to connect here because there are two different 33 00:02:35,250 --> 00:02:42,540 ways of signing in. You can now either sign in with db auth, this is a command which takes a username 34 00:02:42,600 --> 00:02:47,900 and a password but of course I haven't created any users yet so this won't work 35 00:02:47,970 --> 00:02:52,710 or you can indeed also sign in during the connection process, 36 00:02:52,710 --> 00:02:54,850 so now I quit my mongo process, 37 00:02:54,900 --> 00:03:02,580 you can add the -u key here or flag and then enter your username and -p for the password and 38 00:03:02,580 --> 00:03:04,400 then try connecting like this. 39 00:03:04,410 --> 00:03:06,920 Now I will show a couple of times throughout the lecture, 40 00:03:07,200 --> 00:03:10,230 for now let's connect to mongo like this 41 00:03:10,560 --> 00:03:12,720 and there is one problem 42 00:03:12,720 --> 00:03:13,920 we'll of course face, 43 00:03:13,950 --> 00:03:15,780 do you know which one it is? 44 00:03:18,560 --> 00:03:24,500 The problem we initially face of course is that now we connect it to a database that requires authentication 45 00:03:25,310 --> 00:03:26,830 and we got no user yet 46 00:03:26,870 --> 00:03:30,440 and indeed, if I type show dbs right now, I see nothing, 47 00:03:30,460 --> 00:03:36,050 the same for show collections, I get an error which basically is a cryptic way of telling me you are 48 00:03:36,050 --> 00:03:37,700 not allowed to do that. 49 00:03:38,180 --> 00:03:39,800 Now we got no user 50 00:03:39,920 --> 00:03:46,430 and mongodb has a special solution for that called the localhost exception. When connecting 51 00:03:46,490 --> 00:03:47,730 to your database 52 00:03:47,750 --> 00:03:55,400 in this state where you haven't added any users, you are allowed to add one user and that one user should 53 00:03:55,400 --> 00:04:01,220 of course be a user who is then allowed to create more users and to do this, you first of all should 54 00:04:01,220 --> 00:04:06,610 switch to the admin database and then run db create user. 55 00:04:06,740 --> 00:04:10,520 Now a user is created by passing a document into this function, 56 00:04:10,520 --> 00:04:15,690 the first argument should be user, the value here will be the username and I will use Max, 57 00:04:15,710 --> 00:04:17,500 you can type any name you want. 58 00:04:17,820 --> 00:04:23,680 Then separated by a comma because it's a new key in that document, you add the pwd, 59 00:04:23,740 --> 00:04:24,870 so the password 60 00:04:25,280 --> 00:04:27,830 and that also is a string up to you. 61 00:04:27,860 --> 00:04:33,470 Now you also need to add the roles and for that, you add a roles key which holds an array of roles. 62 00:04:33,470 --> 00:04:36,760 Now you can add multiple roles in different ways, 63 00:04:36,770 --> 00:04:38,740 for now there is one role you should add 64 00:04:38,780 --> 00:04:42,260 and I'll talk more about the available roles in a second 65 00:04:42,560 --> 00:04:47,570 and the role you should add is the user admin 66 00:04:47,660 --> 00:04:55,140 any database role. This is a special built-in role which will grant this user the right to administrate 67 00:04:55,290 --> 00:04:56,290 any database 68 00:04:56,400 --> 00:04:58,320 in this mongodb environment. 69 00:04:58,620 --> 00:05:03,380 Now if you hit enter, you should have successfully created that user, now if you type show dbs, 70 00:05:03,810 --> 00:05:07,020 you will suddenly see a different kind of error. 71 00:05:07,020 --> 00:05:11,810 Now what you will need to do is you now need to authenticate and you can do this with the auth command, 72 00:05:12,040 --> 00:05:17,730 so type Max, Max here if that were your credentials or whatever you did use and hit enter. 73 00:05:17,730 --> 00:05:19,700 Make sure you are in the admin database, 74 00:05:19,740 --> 00:05:24,380 so use admin first in case you switch to a different database in-between. 75 00:05:24,440 --> 00:05:26,430 So then you should be authenticated 76 00:05:26,870 --> 00:05:33,560 and now after being authenticated, you should be able to run show dbs and show collections 77 00:05:33,560 --> 00:05:34,350 but I got none 78 00:05:34,370 --> 00:05:36,680 but I also get no error anymore. 79 00:05:36,680 --> 00:05:41,590 So now we created one user and we created that user with this special role. 80 00:05:41,750 --> 00:05:47,750 Now before we create more users, let's talk about this special role and which built-in roles exist 81 00:05:47,810 --> 00:05:48,430 in general.