Advanced
Тема интерфейса

Creating a Database Account Using Commands

When you create a DDS instance, the system automatically creates the default account rwuser. You can use the default account rwuser to create other database accounts based on service requirements. Then, you can use the default account rwuser or other created accounts to perform operations on data in the database, such as databases, tables, and indexes.

Precautions

  • When creating a database account for a specified instance, you are advised to enable SSL to improve data security.
  • When creating a database account, configure passwordDigestor:"server". For details, see the official document.

Prerequisites

A DDS instance has been connected.

Account Description

  • When a DDS instance is created, users root, monitor, and backup are automatically created. Attempting to delete, rename, change the passwords, or change privileges for these accounts will result in errors.
  • You can change the password of the database administrator rwuser and any accounts you create.
  • The default user rwuser and users created by rwuser have limited permissions on system databases admin and config. They have all required permissions on the databases and tables created under them.
  • Generally, a MongoDB user is created in a specified authentication database. When connecting to a database, use --authenticationDatabase to specify the corresponding authentication database.
  • In a DDS instance, the default authentication database of user rwuser is admin.

Setting Password Strength for Database Accounts

  • The administrator password must meet the following password policy:
    • Contains 8 to 32 characters.
    • Must be a combination of uppercase letters, lowercase letters, digits, and special characters: ~!@#%^*-_=+?()$
  • The database user created on the client must meet the following password policy:
    • Contains 8 to 32 characters.
    • Must be a combination of uppercase letters, lowercase letters, digits, and special characters: ~@#%-_!*+=^?

When you create a DB instance or set a password, DDS automatically checks your password strength. If the password does not meet the complexity requirements, change the password as prompted.

Creating an Account

  1. Run the following command to select the admin database:

    use admin

  2. Run the following command to create a database account (user1 as an example):

    db.createUser({user: "user1", pwd: "****", passwordDigestor:"server", roles:[{role: "root", db: "admin"}]})

    • server indicates the password encrypted on the server. It has a fixed value and does not need to be changed.
    • ****: indicates the example new password. The password must be 8 to 32 characters in length and contain uppercase letters, lowercase letters, digits, and special characters, such as ~@#%-_!*+=^?
    • roles restricts the permissions of the account. If an empty array is specified, the account does not have any permission.

  3. Check the result:

    The account is successfully created if the following information is displayed:

    Successfully added user: {
    "user" : "user1",
    "passwordDigestor" : "server",
    "roles" : [
    {
    "role" : "root",
    "db" : "admin"
    }
    ]
    }

Changing a Password

  1. Run the following command to select the admin database:

    use admin

  2. Uses user user1 as an example. Run the following command to change its password:

    db.updateUser("user1", {passwordDigestor:"server",pwd:"newPasswd12#"})

    • server indicates the password encrypted on the server. It has a fixed value and does not need to be changed.
    • newPasswd12#: indicates the example new password. The password must be 8 to 32 characters in length and contain uppercase letters, lowercase letters, digits, and special characters, such as ~@#%-_!*+=^?
    • If the password contains any of the special characters @/%?# and is used in the MongoDB URL, escape the special characters in the URL and replace them with hexadecimal URL codes (ASCII codes).

  3. Check the setting result. The password is successfully changed if the following information is displayed:

    • Cluster
      mongos>
    • Replica set
      replica:PRIMARY>

Connecting to an Instance Using the Created Account

After a database account is created, it can be used to connect to the database. The operation details are as follows: