Allowing Users to List Databases
I’ve been playing around with MongoDB v3. Previously, you had to create users inside every single database to restrict access. I can see various scenarios where such a model would have become a user management nightmare.
In the new version, I like how we can have all users in the admin DB and can manage access and privileges right from within there. A single point of management is always easy to keep straight.
That said, one extra step that I’d like to take for each of these users I create is to allow them to list the available databases on the server.
Why, you ask? The reason is that in some GUI-based clients, you are unable to switch to a DB after authenticating against the admin DB. In such cases, all you have to do is create a role that grants just that and assign it to the users you create.
Is this still secure? Yes. Apart from listing the DBs, the user is unable to do much else if no other rights are given.
To set this role up, first switch over to the admin DB by typing use admin; in the shell. Then run the following command.
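// Custom role in the admin DB that grants only the listDatabases action.
db.createRole({
    "role" : "listAllDatabases",
    "privileges" : [
        {
            // listDatabases is a cluster-level action; { "cluster" : true } would also work here.
            "resource" : {
                "anyResource" : true
            },
            "actions" : [
                "listDatabases"
            ]
        }
    ],
    // No inherited roles, so nothing beyond the privilege above is granted.
    "roles" : []
});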
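
The claim above, that a user holding only this role can list databases and nothing more, holds as long as the role document stays that narrow. As an added example (not code from the original post), this Node.js function audits a role document for extra actions, inherited roles, or a resource wider than the cluster resource that listDatabases applies to; the sample documents and the `appdb` name are constructed.

```javascript
// Added example: audit a role document so that it grants listDatabases only.
// Fields follow the db.createRole() document: role, privileges, roles.
const ALLOWED_ACTIONS = new Set(["listDatabases"]);

function auditListOnlyRole(roleDoc) {
  const findings = [];
  const privileges = roleDoc.privileges || [];
  // Inherited roles bring their own privileges along, so expect none here.
  for (const r of roleDoc.roles || []) {
    findings.push("inherits role " + (typeof r === "string" ? r : r.role + "@" + r.db));
  }
  for (const priv of privileges) {
    for (const action of priv.actions || []) {
      if (!ALLOWED_ACTIONS.has(action)) findings.push("extra action " + action);
    }
    const res = priv.resource || {};
    // listDatabases is a cluster-level action, so { cluster: true } is enough.
    if (res.anyResource === true) {
      findings.push("anyResource is wider than needed; use { cluster: true }");
    } else if (res.cluster !== true) {
      findings.push("unexpected resource " + JSON.stringify(res));
    }
  }
  if (!privileges.some((p) => (p.actions || []).includes("listDatabases"))) {
    findings.push("listDatabases is not granted");
  }
  return findings;
}

// Constructed sample documents (the first mirrors the role created above).
const roleFromPost = {
  role: "listAllDatabases",
  privileges: [{ resource: { anyResource: true }, actions: ["listDatabases"] }],
  roles: [],
};
const tightened = {
  role: "listAllDatabases",
  privileges: [{ resource: { cluster: true }, actions: ["listDatabases"] }],
  roles: [],
};
const drifted = { // hypothetical role that has picked up extra rights
  role: "listAllDatabases",
  privileges: [{ resource: { cluster: true }, actions: ["listDatabases", "find"] }],
  roles: [{ role: "readWrite", db: "appdb" }],
};

for (const doc of [roleFromPost, tightened, drifted]) {
  console.log(JSON.stringify(auditListOnlyRole(doc)));
}
```

An empty findings array means the role grants listDatabases on the cluster resource and nothing else.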