In this tutorial, we will see how to easily find and show all users that have been granted a specific role in MongoDB with Studio 3T (formerly MongoChef).
In MongoDB, users are defined for specific databases. Each user is then assigned a number of roles that in turn define the user’s privileges.
While MongoDB’s API makes it trivial to list all roles that a particular user has been granted, there is unfortunately no easy way for the reverse case where you want to find all users that have been granted a particular role, i.e. the role’s grantees.
Luckily, Studio 3T makes it very easy to find those users.
List MongoDB Roles
First off, connect to your MongoDB server as a user that has sufficient privileges to manage users and roles.
Then, simply select the database that contains the role for which you want to find all grantees.
Click the “Roles” icon in the toolbar.
Inspect Selected MongoDB Role
This will open the roles management tab for this database.
Here, you can see all the built-in and user-defined roles created for the database.
Now, simply select the role for which you want to see all the users that have been granted that role. In our case, that is the user-defined role “rwAdmin”.
Then click the “Edit” button.
View List of Users with the Selected Role
By default, In the “Granted To” tab, you can see all grantees from the same database that the role is defined in.
In our case, that is natalie, paul, peter, and richard.
If you want to see all users from all databases that have been granted role “rwAdmin”, click the “Refresh for all DBs” button.
That’s it! You can now see all users from all databases that have been granted the role “rwAdmin” on our database “test”.
Modify MongoDB Role
In this view, you can now even conceptually add new users to this role. For this, click the “Add” button.
In the new dialog, you can choose users from any database that you want to add to the role. Of course, users in MongoDB are not really added to a role. Rather, under the hood, the selected users will be granted the role instead. Click “Add” to add the selected users.
Now that you know how to find users granted a specific role, here’s a little refresh on how to grant roles to multiple users and how to authenticate users (because a secure MongoDB instance is a happy MongoDB instance 🙂 )
We hope these articles help you manage MongoDB roles and users like a pro!
Editor’s Note: This post was originally published in January 2015.