Help Center> Document Database Service> User Guide> Database Management> Creating a Database Account Using Commands
View PDF

Creating a Database Account Using Commands

Scenarios

This section describes how to create a database account and change the account password using commands after the DDS DB instances are created.

When creating a database account for a specified DB instance, you are advised to enable the SSL connection to improve data security.

Constraints

If the existing DDS DB instances are of version 3.2, you cannot create database accounts for them. You can only change the password of the administrator account rwuser.

Prerequisites

A DDS DB instance has been connected. For details, see section "Connecting to a DB Instance Through a Public Network" and "Connecting to a DB Instance Through a Private Network" in Document Database Service Getting Started.

Account Description

To manage DDS DB instances, users root (or admin), monitor, and backup are automatically created when you create a DDS DB instance. Attempting to delete, rename, change the passwords, or change privileges for these accounts will result in errors.

You can change the password of the database administrator rwuser and any accounts you create.

Setting Password Strength for Database Accounts

  • The administrator password must meet the following password policy:
    • Contains 8 to 32 characters.
    • Must be a combination of uppercase letters, lowercase letters, digits, and special characters: ~!@#%^*-_=+?
  • The database user created on the client must meet the following password policy:
    • Contains 8 to 32 characters.
    • Must be a combination of uppercase letters, lowercase letters, digits, and special characters: ~@#%-_!*+=^?

When you create a DB instance, DDS automatically checks your password strength. You can change the password as user rwuser. For security reasons, you are advised to set up a strong password.

Creating an Account

  1. Run the following command to select the admin database:

    use admin

  2. Run the following command to create a database account (user1 as an example):

    db.createUser({user: "user1", pwd: "Test_12345", passwordDigestor:"server", roles:[{role: "root", db: "admin"}]})

    • server: indicates that the password is encrypted on the server.
    • Test_12345: indicates the example new password. The password must be 8 to 32 characters in length and contain uppercase letters, lowercase letters, digits, and special characters, such as ~@#%-_!*+=^?
    • roles restricts the rights of the account. If an empty array is specified, the account does not have any permission.

  3. Check the result:

    The account is successfully created if the following information is displayed:

    Successfully added user: {
        "user" : "user1",
        "passwordDigestor" : "server",
        "roles" : [
                {
                        "role" : "root",
                        "db" : "admin"
                }
        ]
}

Changing a Password

  1. Run the following command to select the admin database:

    use admin

  2. Uses user user1 as an example. Run the following command to change its password:

    db.updateUser("user1", {passwordDigestor:"server",pwd:"newPasswd12#"})

    • server: indicates that the password is encrypted on the server.
    • newPasswd12#: indicates the example new password. The password must be 8 to 32 characters in length and contain uppercase letters, lowercase letters, digits, and special characters, such as ~@#%-_!*+=^?

  3. Check the setting result. The password is successfully changed if the following information is displayed:

    • Cluster 
      mongos>
    • Replica set 
      replica:PRIMARY>
    • Single node 
      replica:PRIMARY>

Parent topic: Database Management