Updated on 2024-01-18 GMT+08:00

Updating a User

db.updateUser(username, update, writeConcern)

  • username indicates the username to be updated.
  • update is a document containing the replacement data for the user.
  • writeConcern: The write concern level of the update operation. This parameter is optional.
db.updateUser(
   "<username>",
   {
     customData : { <any information> },
     roles : [
       { role: "<role>", db: "<database>" } | "<role>",
       ...
     ],
     pwd: passwordPrompt(),      // Or  "<cleartext password>"
     authenticationRestrictions: [
        {
          clientSource: ["<IP>" | "<CIDR range>", ...],
          serverAddress: ["<IP>", | "<CIDR range>", ...]
        },
        ...
     ],
     mechanisms: [ "<SCRAM-SHA-1|SCRAM-SHA-256>", ... ],
     passwordDigestor: "<server|client>"
   },
   writeConcern: { <write concern> }
)
Table 1 update description

Field

Type

Description

customData

Documents

Optional. Any information.

roles

Array

Optional. The role assigned to the user. An update to the roles array overrides the previous array's values.

pwd

string

Optional. The user's password.

authenticationRestrictions

Array

Optional. The IP address or CIDR blocks that can be accessed by a role.

mechanisms

Array

Optional. The specific SCRAM mechanism or mechanisms for the user credentials. Valid values are SCRAM-SHA-1 and SCRAM-SHA-256.

passwordDigestor

string

Optional. Whether to verify the password on the server or client. The default value is server.

Example

  • Updating User Information

    The information about the appClient01 user in the products database is as follows:

    {
    	"_id" : "products.appClient01",
    	"token" : NumberLong("8424642624807814713"),
    	"user" : "appClient01",
    	"db" : "products",
    	"customData" : {
    		"empID" : "12345",
    		"badge" : "9156"
    	},
    	"roles" : [
    		{
    			"role" : "readWrite",
    			"db" : "products"
    		},
    		{
    			"role" : "read",
    			"db" : "inventory"
    		}
    	],
    	"mechanisms" : [
    		"SCRAM-SHA-1",
    		"SCRAM-SHA-256"
    	]
    }

    The following describes how to update the user-defined data and role data.

    use products
    db.updateUser( "appClient01",
    {
       customData : { employeeId : "0x3039" },
       roles : [
          { role : "read", db : "assets"  }
       ]
    } )

    The updated information about the appClient01 user in the products database is as follows:

    {
    	"_id" : "products.appClient01",
    	"token" : NumberLong("8424642624807814713"),
    	"user" : "appClient01",
    	"db" : "products",
    	"customData" : {
    		"employeeId" : "0x3039"
    	},
    	"roles" : [
    		{
    			"role" : "read",
    			"db" : "assets"
    		}
    	],
    	"mechanisms" : [
    		"SCRAM-SHA-1",
    		"SCRAM-SHA-256"
    	]
    }
  • Updating User Information to Be a User with Only the SCRAM-SHA-256 Certificate

    The information about the reportUser256 user in the reporting database is as follows:

    {
    	"_id" : "reporting.reportUser256",
    	"token" : NumberLong("2827251846225877395"),
    	"user" : "reportUser256",
    	"db" : "reporting",
    	"roles" : [ ],
    	"mechanisms" : [
    		"SCRAM-SHA-1",
    		"SCRAM-SHA-256"
    	]
    }

    The following describes how to change the current user with both SCRAM-SHA-256 and SCRAM-SHA-1 certificates to a user with only the SCRAM-SHA-256 certificate.

    • If the password is not specified with mechanisms, mechanisms can only be updated to a subset of the user's current SCRAM mechanism.
    • If the password is specified with mechanisms, you can specify any supported SCRAM mechanism.
    • For SCRAM-SHA-256, passwordDigestor must be set to the default value server.
    db.updateUser(
       "reportUser256",
       {
         mechanisms: [ "SCRAM-SHA-256" ]
       }
    )

    The updated information about the reportUser256 user in the reporting database is as follows:

    {
    	"_id" : "reporting.reportUser256",
    	"token" : NumberLong("2827251846225877395"),
    	"user" : "reportUser256",
    	"db" : "reporting",
    	"roles" : [ ],
    	"mechanisms" : [
    		"SCRAM-SHA-256"
    	]
    }