## Creating MongoDB Users And Roles

Be sure to start your MongoDB instance with the `--auth` flag 

In [1]:
from pymongo import MongoClient
from getpass import getpass

### Connect To Admin Database

In [2]:
mongodb_uri = "mongodb://localhost:27017/"
db_name = "admin"

In [3]:
client = MongoClient(mongodb_uri)
db = client[db_name]

### Creating Your First Admin User

In [4]:
db.command("createUser", "admin_user", pwd=getpass("New User Password"), roles = ["userAdminAnyDatabase"])

{'ok': 1.0}

##### Creating a new user in Mongo Shell:
```javascript
db.createUser({user: 'your_username', pwd: passwordPrompt(), roles: ['userAdminAnyDatabase']})
```

### Login Helper Function

In [14]:
client = None

def login(username=None, password=None, auth_source=None, host="localhost", port=27017):
    global client
    if username == None: username=input("User Name: ")
    if password == None: password=getpass("Enter Password: ")
    if auth_source == None: auth_source=input("Auth Source: ")

    client = MongoClient(host=host, port=port, authSource=auth_source)
    # client[auth_source].authenticate(username, password)

#### URI String Format:
``` python
"mongodb://your_user_name:your_password@localhost:27017/?authSource=db_name"
```

##### Logging In through the MongoDB Shell:

```javascript
use your_auth_source_db_name
db.auth("your_username")
```

### Login As Your New User

In [15]:
login()

In [16]:
client.list_database_names()

['admin',
 'aggregation_test',
 'config',
 'flights',
 'game',
 'hospital',
 'local',
 'my_store',
 'performance_db',
 'shop',
 'video_game']

In [17]:
db= client["shop"]
db.products.find_one({})

{'_id': ObjectId('66f7206c593ed3e07defb3af'),
 'name': 'Wireless Earbuds',
 'description': 'Bluetooth-enabled wireless earbuds with noise cancellation.',
 'price': 47.829600000000006}

### Create A User With Read/Write Privledges 

In [18]:
db = client["shop"]
db.command("createUser", "app_dev", pwd= getpass("New User Password"), roles=["readWrite"])

{'ok': 1.0}

In [19]:
login()

In [20]:
client.list_database_names()

['admin',
 'aggregation_test',
 'config',
 'flights',
 'game',
 'hospital',
 'local',
 'my_store',
 'performance_db',
 'shop',
 'video_game']

In [21]:
db = client["shop"]
db.products.find_one({})

{'_id': ObjectId('66f7206c593ed3e07defb3af'),
 'name': 'Wireless Earbuds',
 'description': 'Bluetooth-enabled wireless earbuds with noise cancellation.',
 'price': 47.829600000000006}

### Creating Custom Roles

In [22]:
### Log back into admin user account
login()

In [23]:
db = client["admin"]
db.command("grantRolesToUser", grantRolesToUser="admin_user", roles=["userAdmin"])

{'ok': 1.0}

##### Grant Roles To User in MongoDB Shell:

```javascript
db.grantRolesToUser( "your_username", [ "role_name_1", "role_name_2" ] )
```

In [27]:
db.command("createRole", 
           "product_data_analyst_role",
           privileges=[
               {
                   "resource": {"db": "shop", "collection":"products"},
                   "actions": ["find"]
               },
               {
                   "resource": {"db": "", "collection": ""},
                   "actions": ["changeOwnPassword", "changeOwnCustomData"]
               }
           ],
           roles=[]
           )

{'ok': 1.0}

##### Create a new Role in MongoDB Shell:
```javascript
db.createRole({role: 'your_role_name', 
               privileges: [{ 
                   resource: {db: "your_db_name", collection: "your_collection_name"}, 
                   actions: ["action_name_1", "action_name_2] 
               }],
               roles: [{role: "existing_role_name", db: "your_db_name"}]
              })
```

In [None]:
db.command("createUser", "Jess", 
            pwd= getpass("New User Password: "),
            roles=["product_data_analyst_role"],
            customData={"name": "Jessica Red", 
                        "role": "Data Analyst",
                        "email": "jess.r@company_name.com"}
           )

In [32]:
db.command("usersInfo", 1)

{'users': [{'_id': 'admin.Jess',
   'userId': Binary(b'\xbd\xff\x95\xe1\x92aE[\xaf\x15y\xc0\x01\xdd\x95\x8e', 4),
   'user': 'Jess',
   'db': 'admin',
   'customData': {'name': 'Jessica Red',
    'role': 'Data Analyst',
    'email': 'jess.r@company_name.com'},
   'roles': [{'role': 'product_data_analyst_role', 'db': 'admin'}],
   'mechanisms': ['SCRAM-SHA-1', 'SCRAM-SHA-256']},
  {'_id': 'admin.admin_user',
   'userId': Binary(b'#\xc94\x18\x90\xadD\x1c\xbbCg$\xc0\x17/\xe6', 4),
   'user': 'admin_user',
   'db': 'admin',
   'roles': [{'role': 'userAdminAnyDatabase', 'db': 'admin'},
    {'role': 'userAdmin', 'db': 'admin'}],
   'mechanisms': ['SCRAM-SHA-1', 'SCRAM-SHA-256']}],
 'ok': 1.0}

In [33]:
db.command("rolesInfo", 1, showPrivileges=True)

{'roles': [{'_id': 'admin.product_data_analyst_role',
   'role': 'product_data_analyst_role',
   'db': 'admin',
   'privileges': [{'resource': {'db': 'shop', 'collection': 'products'},
     'actions': ['find']},
    {'resource': {'db': '', 'collection': ''},
     'actions': ['changeOwnPassword', 'changeOwnCustomData']}],
   'roles': [],
   'isBuiltin': False,
   'inheritedRoles': [],
   'inheritedPrivileges': [{'resource': {'db': 'shop',
      'collection': 'products'},
     'actions': ['find']},
    {'resource': {'db': '', 'collection': ''},
     'actions': ['changeOwnPassword', 'changeOwnCustomData']}]}],
 'ok': 1.0}

In [34]:
login()

In [37]:
db = client["my_store"]
db.items.find_one({})

{'_id': ObjectId('66fb1781faf49d2160610652'),
 'name': 'Bag',
 'departments': ['School'],
 'versions': [{'color': 'Black', 'size': 'small', 'qty': 5, 'price': 17.79},
  {'color': 'Red', 'size': 'small', 'qty': 3, 'price': 18.23},
  {'color': 'Green', 'size': 'small', 'qty': 5, 'price': 20.03},
  {'color': 'Black', 'size': 'large', 'qty': 1, 'price': 41.23},
  {'color': 'Red', 'size': 'large', 'qty': 10, 'price': 46.82},
  {'color': 'Green', 'size': 'large', 'qty': 7, 'price': 45.43}]}

In [41]:
db = client["admin"]
db.command("updateUser", updateUser="Jess", pwd=getpass("Enter New Password: "))

{'ok': 1.0}

In [42]:
login()

### Deleting Users / Roles

##### Login as user with userAdmin role

In [43]:
login()

In [44]:
db = client["shop"]
db.command("dropUser", "app_dev")

{'ok': 1.0}

In [45]:
db = client["admin"]
db.command("dropUser", "Jess")

{'ok': 1.0}

In [46]:
db = client["admin"]
db.command("dropRole", "product_data_analyst_role")

{'ok': 1.0}

In [47]:
db = client["admin"]
db.command("dropUser", "admin_user")

{'ok': 1.0}