When you create a database user, you bring together both authentication and authorization. The key command used for this purpose is a database command, createUser(). Here is the generic syntax:
db.createUser( { user_document }, { writeConcern_document } )
Both the user and writeConcern documents are JSON documents with a number of parameters. The following table summarizes user_document parameters.
Parameter | Required | Notes |
user | Yes | Username in the form of a text string. |
pwd | Yes | Password in the form of a text string. When the password is actually stored in the database, it is first converted into a BCRYPT hash. MongoDB also allows you to insert a passwordPrompt() function in place of a text string. In this case, you are first prompted for the password before the insertion operation proceeds. |
roles | Yes | A list of one or more roles to be assigned to this user. |
customData | No | A JSON document with any additional information to store for this... |