1 00:00:02,400 --> 00:00:08,090 So back in the shell where I did create one user already, let's create another user 2 00:00:08,490 --> 00:00:14,540 and please remember I am logged in with my user we created earlier. 3 00:00:14,670 --> 00:00:19,800 Now I will log out or simply quit the mongo server because I want to show you an alternative way 4 00:00:19,800 --> 00:00:27,500 of logging in and that is that you type mongo then -u, then your username -p and your password 5 00:00:27,610 --> 00:00:30,990 and now don't hit enter because this would actually fail 6 00:00:31,140 --> 00:00:35,970 and the reason for this is this you create a user in a database part I mentioned 7 00:00:36,120 --> 00:00:41,190 and we created our single user we have right now in the admin database. 8 00:00:41,410 --> 00:00:47,610 Now we need to specify which database we did create a user in and we can do this with the help of 9 00:00:47,670 --> 00:00:54,580 let's see, with --help, with this command, with the authentication database here. 10 00:00:54,690 --> 00:00:56,740 So we need to add this command, 11 00:00:56,790 --> 00:00:58,050 so let's repeat this. 12 00:00:58,380 --> 00:01:05,610 I have -u Max -p max and then --authenticationDatabase and now it's admin 13 00:01:05,850 --> 00:01:09,370 and now if you hit enter, this should succeed and you are now already logged in 14 00:01:09,390 --> 00:01:12,060 so you don't need to run db auth again. 15 00:01:12,060 --> 00:01:18,530 So now this is another way of authenticating and the authentication database part here is really important. 16 00:01:18,540 --> 00:01:25,170 Now we want to create more users and I will first of all switch to the shop database and create a new user 17 00:01:25,350 --> 00:01:33,730 on this shop database with create user, then pass a document, define a username, I'll name it appdev, 18 00:01:33,910 --> 00:01:37,670 define a password with pwd and I'll name that dev, 19 00:01:37,710 --> 00:01:40,210 of course these values are totally up to you 20 00:01:40,390 --> 00:01:43,040 and then add roles and you can add multiple roles, 21 00:01:43,050 --> 00:01:44,460 I'll only add one 22 00:01:44,550 --> 00:01:46,780 and that will be readWrite. Now 23 00:01:46,800 --> 00:01:50,100 please note I'm in the shop database because I switch to it. 24 00:01:50,430 --> 00:01:54,200 Now if I hit enter, this works and I have a new user. 25 00:01:54,510 --> 00:02:02,440 We can now authenticate into that user with db auth, appdev is the username 26 00:02:02,490 --> 00:02:07,620 and dev is the password. If I hit enter, the one signals that 27 00:02:07,640 --> 00:02:08,720 this works 28 00:02:08,720 --> 00:02:11,080 and now let's try working with a collection. 29 00:02:11,180 --> 00:02:16,400 So here in the products collection, let's try to insert one element with the name of 30 00:02:19,260 --> 00:02:21,470 book. 31 00:02:21,520 --> 00:02:23,460 If I hit enter, I get an error that 32 00:02:23,470 --> 00:02:29,710 too many users are authenticated because actually, I did authenticate into my new user but I was still 33 00:02:29,700 --> 00:02:36,420 authenticated in my old user. Now to mitigate this, we should have run log out before switching the user. 34 00:02:36,640 --> 00:02:39,470 Now one of the quickest ways to fix this is simply to quit the 35 00:02:39,610 --> 00:02:42,610 mongo shell and then restart the mongo shell. 36 00:02:42,610 --> 00:02:46,900 Now important though, I want to log in with a different user right from the start 37 00:02:46,990 --> 00:02:50,520 and I can do this by of course switching my username here, appdev 38 00:02:50,980 --> 00:02:52,400 and also here, the password 39 00:02:52,450 --> 00:02:58,450 and now the authentication database also has to change because we created the new user on the shop, so 40 00:02:58,450 --> 00:03:00,230 I have to authenticate against shop. 41 00:03:00,340 --> 00:03:04,910 If I would try admin here, it would actually fail, against shop 42 00:03:04,990 --> 00:03:05,980 it will succeed. 43 00:03:07,190 --> 00:03:17,280 So now in there, let's try accessing our products and insert one new product with name, a book. 44 00:03:17,320 --> 00:03:19,740 If I hit enter, I get an error 45 00:03:20,000 --> 00:03:24,340 and do you know why? Well I'm in the wrong database, 46 00:03:24,350 --> 00:03:29,990 I did not switch to my shop database first, so we need to use the shop first before we try this command 47 00:03:30,230 --> 00:03:32,210 and now it will actually work as you can see. 48 00:03:32,450 --> 00:03:33,530 So this is important, 49 00:03:33,590 --> 00:03:40,970 the readWrite role was assigned to this user but since the user is part or was created on the shop 50 00:03:40,980 --> 00:03:48,770 database, the readWrite role by default also only gave us readWrite access to that shop database. 51 00:03:48,770 --> 00:03:56,570 Now this is one thing that assigning a user to a database does to you out of the box, you, any role you 52 00:03:56,570 --> 00:04:03,020 assign just like that to the user is then scoped to that database except for any database roles you 53 00:04:03,020 --> 00:04:05,640 saw on the previous slides 54 00:04:05,870 --> 00:04:09,680 and this of course gives us as an administrator a lot of flexibility. 55 00:04:09,710 --> 00:04:16,280 We can really create the users who are assigned to the databases they need to work with and we can assign 56 00:04:16,280 --> 00:04:21,200 them the roles they need, so that the users have to log in against the databases they should work with 57 00:04:21,470 --> 00:04:26,900 and they only have the role to work with that database then and this is often exactly what you want and 58 00:04:26,910 --> 00:04:32,920 the users don't even know the other databases even and in a big corporation with a lot of databases, 59 00:04:32,960 --> 00:04:35,520 this is typically the set up you want to have. 60 00:04:35,600 --> 00:04:41,210 Now of course you can still have the scenario that a user needs to be able to work with two databases 61 00:04:41,210 --> 00:04:43,700 and not just the one he authenticates against. 62 00:04:43,940 --> 00:04:46,640 And let's see how we can do this in the next lecture.