How to set user access rights in MongoDB

1. Set authorization OFF in mongod.conf

First, you need to make sure that in /etc/mongod.conf option security.authorization is not set (if it is not present that means it is disabled) or it is set to “disabled”  so you can easily login to mongo without a user authorization in order to add mongo users and add them privileges on databases. Whenever you change mongod.conf you will need to restart mongo server.

2. Set user rights to manage all users to all databases

Here we will create mongo user with privileges to be an administrator of all users on all databases. This user doesn’t have any privileges to work with databases cannot even list collections they can only manage users.

  1. Start mongo server if it is not already started:
    $ sudo mongod -f /etc/mongod.conf
  2. Connect to the server with the mongo client terminal command (if the server is not localhost you will need to change params, localhost can be omitted):
    $ mongo --host localhost --port 27017
    # or
    $ mongo mongodb://localhost:27017
    # or for localhost and default port 27017 you can just type
    $ mongo
  3. In mongo console type following commands:
    > use admin
    switched to db admin
    > db.createUser(
       {
         user: "username",
         pwd: "password",
         roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
       }
     )

3. Set authorization ON and allow outbound connections in mongod.conf

Until now authorization was disabled and now we will enable it and allow only authorized users to access databases.

  1. Make sure that you have following line in /etc/mongod.conf to enable authorization
    security:
      authorization: enabled
  2. Allow outbound connection so you can connect on mongo server from the other networks and computers. Change bindIp from 127.0.0.1 to be 0.0.0.0 or just add IP address of your public network interface with comma separation (bindIp: 127.0.0.1,109.121.29.34):
    # network interfaces
    net:
      port: 27017
      bindIp: 0.0.0.0
  3. Restart mongo server.

4. Set user rights to allow user to read and write only one custom database

This is pretty much the same procedure like one described above for adding a user to be an administrator for all users except here we will use a custom database instead of admin database and add role readWrite instead of userAdminbAnyDatabase. This user has all read and write privileges on database test.

  1. Login with the terminal client by providing  previously created the user in step 2.3 which is allowed to do administration of users and database admin:
    $ mongo --host localhost --port 27017 -u username -p password admin
    # or
    $ mongo mongodb://username:password@localhost:27017/admin
    # or for localhost and default port just
    $ mongo -u username -p password admin
  2. Create a user with readWrite access to database test:
    > use test
    switched to db test
    > db.createUser(
       {
         user: "username2",
         pwd: "password2",
         roles: [ { role: "readWrite", db: "test" } ]
       }
     )
  3. Now you can login to database test with user username2:
    $ mongo mongodb://username2:password2@localhost:27017/test

5. Create super admin user with all privileges on all databases

  1. Login with user created in step 2.3.
    $ mongo mongodb://username:password@localhost:27017/admin
  2. Add super admin user:
    > db.createUser(
       {
         user: "superadminuser",
         pwd: "superadminpass",
         roles: ["userAdminAnyDatabase", "dbAdminAnyDatabase", "readWriteAnyDatabase"]
       }
     )
    > db.grantRolesToUser('superadminuser',[{ role: "root", db: "admin" }])
    

6. Useful links

NodeJS Best Practices – Resources

nodejs-best-practices-1-728

This is a list of resources from another websites and blogs where you can find really useful information how to write better code in NodeJS including NodeJS design patterns.

I would also mention here paid video classes on CodeSchool which I have a have attended and found very useful:

How to setup StandardJS for Visual Studio Code – NodeJS and TypeScript

About

          visual_studio_code_icon_1x

This is a tutorial how to set StandardJS with Visual Studio Code to work with JavaScript and TypeScript.

StandardJS for JavaScript/NodeJS

  1. Open VS Code and install StandardJS extension. Press CTRL+P and type:
    ext install standardjs
  2. Disable default JavaScript validation in VS Code so standard can take that role. Go to menu File/Preferences/Settings or just press CTRL+, and add to settings.json following line:
    "javascript.validate.enable": false
  3. Open a terminal and install standard with the command:
    $ npm i -g --dev-save standard
  4. If you want to ignore specific files you can do that like in the following example where we added ignore for checking and formatting Angular2 bundle files. Add the following to package.json:
    "standard": {
      "ignore": [
        "*.bundle.js"
      ]
    }
  5. Restart VS Code
  6. Now you probably have a lot of unformatted code in a project, you can fix it by typing following command. After that, all .js files will be fixed against the standard you will need some parts to fix manually since this will fix the only indentation and remove semicolons.
    $ standard --fix

Additional – Add snazzy

  1. For better error reporting you can install snazzy:
    $ npm i -g --dev-save snazzy
  2. Usage in terminal:
    $ standard | snazzy
  3. Or you can create test task in the package.json with adding the following:
    "scripts": {
        ...
        "test": "standard | snazzy"
      }
  4. Like all other task scripts, you can run it with:
    $ npm run test

Standard for TypeScript

  1. Open VS Code and install TSLint extension. Press CTRL+P and type:
    ext install tslint
  2. Open a terminal and install TSLint configuration for standard rules with:
    $ npm i --dev-save tslint tslint-config-standard
  3. Create tslint.json file in a root of your project and insert following:
    {
      "extends": "tslint-config-standard"
    }
  4. To fix automatic formatting in VS Code for .ts files you need to add three more lines in settings.json:
    "editor.tabSize": 2,
    "typescript.format.insertSpaceBeforeFunctionParenthesis": true,
    "editor.detectIndentation": false
  5. Restart VS Code
  6. To fix existing files to follow standard rules you need to install global tslint and typescript:
    $ npm i -g tslint typescript
  7. And after that to run the command:
    $ tslint -c tslint.json assets/**/*.ts

Known issues

  • TypeScript constructor keyword doesn’t have space before opening brackets after code formating, which will report error by standard. Workaround is to put above constructor following line:
    // tslint:disable-next-line:space-before-function-paren
  • Automatic Imports with light bulp or CTRL+. will not follow standard rules. It will import with double quotes and semicolon at the end. Don’t know workaround for this if someone find solution please add it to comments.