Help Center

Document Database Service

Product Introduction
Billing
Getting Started
User Guide
API Reference
Best Practices
Developer Guide
FAQs
Troubleshooting
Performance Whitepaper
Security Whitepaper
Download
Related Agreements

User Management

2025-07-28 08:30:34

Create User

Steps to create user

In DDS, you can use the createUser command or the db.createUser() method to create a user. Creating a user typically involves the following steps:

1.Connect to the DDS instance.

First, you need to connect to a DDS instance or cluster. You can use the mongo command or the DDS client to connect to a DDS instance.

2.Switch to the target database.

After connecting to the DDS instance, you need to switch to the target database. You can use the use command or the db.getSiblingDB() method to switch to the target database. For example, the following command switches to a database named mydb:

use mydb

3.Create User.

After switching to the target database, you can use the createUser command or the db.createUser(user,writeConcern) method to create a user. For example, the following command creates a user named myuser with a password of mypassword and grants readWrite permission:

db.createUser(
  {
    user: "myuser",
    pwd: "***********",
    roles: [ { role: "readWrite", db: "mydb" } ]
  }
)

This user myuser will have read and write permissions to the mydb database and can authenticate with the specified password. You can modify the user's name, password, and permissions as needed.

Specific format of createUser

The specific format for creating a user is as follows:

db.createUser(
    {
      user: "<name>",
      pwd: "<cleartext password>",
      customData: { <any information> },
      roles: [
        { role: "<role>", db: "<database>" } | "<role>",
        ...
      ],
      authenticationRestrictions: [
         {
           clientSource: ["<IP>" | "<CIDR range>", ...],
           serverAddress: ["<IP>" | "<CIDR range>", ...]
         },
         ...
      ]
      mechanisms: [ "<SCRAM-SHA-1|SCRAM-SHA-256>", ... ],
      passwordDigestor: "<server|client>"
    }
)

Parameter description:

Field

Type

Description

user

string

User name.

pwd

string

User password, if you create a user using db.createUser() on the $external database and store the credentials outside DDS, the password field (pwd) is not required.

customData

Documentation

This field can be used to store any data that the administrator wants to associate with this specific user. For example, this could be the user's identity ID.

roles

Array

User role. Here you can specify an empty array[] to create a user without a role.

authenticationRestrictions

Array

Authentication restriction is a rule enforced by the server on created user, which is used to specify the IP addresses or IP address ranges a role can access.

mechanisms

Array

User credential, which can be created by specifying a specific SCRAM mechanism. Available mechanisms include SCRAM-SHA-1 and SCRAM-SHA-256.

passwordDigestor

string

Indicates whether the password is verified on the server or client side, the default is server.

Update User

Steps to update user

In DDS, you can use the updateUser command or the db.updateUser(username, update, writeConcern) method to update user information. Updating a user typically involves the following steps:

1.Confirm the user to be updated.

First, you need to confirm the name and current configuration information of the user to be updated. You can use the db.getUser() command or db.runCommand({ usersInfo: { user: "", db: "" }, showCredentials: true }) method to get the user's configuration information. For example, the following command gets the configuration information of a user named myuser in the mydb database:

db.runCommand({ usersInfo: { user: "myuser", db: "mydb" }, showCredentials: true })

2.Update user.

After confirming that you want to update the user, you can use the updateUser command or the db.updateUser() method to update the user. For example, the following command updates the password of the user named myuser to newpassword:

db.updateUser("myuser", { pwd: "newpassword" })

Specific template of updateUser

db.updateUser(
   "<username>",
   {
     customData : { <any information> },
     roles : [
       { role: "<role>", db: "<database>" } | "<role>",
       ...
     ],
     pwd: passwordPrompt(),      // Or  "<cleartext password>"
     authenticationRestrictions: [
        {
          clientSource: ["<IP>" | "<CIDR range>", ...],
          serverAddress: ["<IP>", | "<CIDR range>", ...]
        },
        ...
     ],
     mechanisms: [ "<SCRAM-SHA-1|SCRAM-SHA-256>", ... ],
     passwordDigestor: "<server|client>"
   },
   writeConcern: { <write concern> }
)

For the above parameters, see Developer Guide - Database Permission Management - User Management - Create User.



The previous article -  Role Management
The next article -  System collection
3sPylJ0bTwUr