SlideShare a Scribd company logo

MongoDB Security Users & Roles

Download as PPTX, PDF
Juan Antonio Roy Couto
Juan Antonio Roy Couto

A medieval journey across the security of MongoDB installations. Users, Roles, Encryption, Data, Keys, Authentication, Authorization, VPN, firewalls, read-only views, backup, Auditing, Monitoring

Data & Analytics
1 of 37
MongoDB Security (Users & Roles) MongoDB User Group 22 March 2017, Madrid
Who am I Juan Roy Twitter: @juanroycouto Email: juanroycouto@gmail.com MongoDB DBA at Grupo Undanet 2 MUG Madrid 22 March 2017
The Kingdom The Castle The King The Collaborators The Castle Goods The Emissary MongoDB - Characters 3 MUG Madrid 22 March 2017 The Moat of the Castle The Visitors The Auditor The Monitor The King without Kingdom
4 MUG Madrid 22 March 2017 The MongoDB Kingdom
If the security is not enabled at the castle everybody will be able to get into the rooms and take any goods. If the security is enabled nobody will be able to get into the castle before identifying. Companies outside the kingdom can deal with this. Without the secret key no castle will be able to join to the Kingdom. MongoDB - The Castle 5 MUG Madrid 22 March 2017
userAdminAnyDatabase He decides his collaborators (users) to do the tasks (actions) needed in each room of the castle. Creates, grants and revokes roles to its collaborators MongoDB - The King 6 MUG Madrid 22 March 2017
They must do specific tasks. They are not allowed to do any tasks that are not in their role. They only can work in their workplaces > db.createUser({ user: "uuuu", pwd: "pppp", roles: [ { role: "roleName", db: "dbName" } ] }); > db.system.users.find(); MongoDB - The Collaborators 7 MUG Madrid 22 March 2017
MongoDB - The Roles 8 MUG Madrid 22 March 2017 Roles must be standard. When a new collaborator is named assumes the role's tasks of the last one. In the role are written down the tasks to do and the places the tasks must be done by the King's collaborator (Kingdom, castle, database, etc). MongoDB offers built-in roles and the possibility to create new ones depending on our needs.
> db.createRole({ role: "roleName", privileges: [ { resource: { db : “dbName”, collection : “collectionName” }, actions: [ 'actionName' ] } ], roles: [ { role : 'fatherRole', db : 'dbName'} ] }); > db.grantRolesToUser(‘uuuu’, [ { role : ‘roleName’, db : ‘dbname’ } ]); > db.revokeRolesFromUser(‘uuuu’, [ { role : ‘roleName’, db : ‘dbname’ } ]); MongoDB - The Roles 9 MUG Madrid 22 March 2017
Castle assets (data) are guarded in rooms where nobody knows what's inside (disk encryption). To access the goods is necessary a key that has to match which the guardian has. MongoDB - The Castle Goods 10 MUG Madrid 22 March 2017
He carries the messages from one castle to another (Replica Set). These messages must be encrypted (network encryption). MongoDB - The Emissary 11 MUG Madrid 22 March 2017
Firewalls Limit incoming traffic on a specific port to specific systems and limit incoming traffic from untrusted hosts. Virtual Private Networks VPNs make possible to link two networks over an encrypted and limited-access trusted network. MongoDB - The Moat of the Castle 12 MUG Madrid 22 March 2017
read-only views The castle’s visitors (physical persons or apps) are allowed to view only the goods the King is interested in. > db.createView( 'viewName', 'originalCollection', [ { aggregationStages } ] ); MongoDB - The Visitors 13 MUG Madrid 22 March 2017
Auditing Records the following operations: CRUD Operations. Schema (DDL). Authentication & Authorization. Replica Set & Sharded Cluster. MongoDB - The Auditor 14 MUG Madrid 22 March 2017
Monitoring He monitors the goods exchanges and the state of the kingdom’s castles. From land (OPS Manager). And also from the air (Cloud Manager). MongoDB - The Monitor 15 MUG Madrid 22 March 2017
For those Kings without Kingdom exists a paradise (MongoDB Atlas) where they can: Rent the castles they need. With all the security measures. And fully monitored, both goods and castles. MongoDB - The King without Kingdom 16 MUG Madrid 22 March 2017
User Access Management MongoDB Authentication MongoDB Authorization MongoDB Auditing (forensic analysis) MongoDB Encryption (data protection over the network -TLS- and at-rest) Environmental & Process Control MongoDB Security Features 17 MUG Madrid 22 March 2017
Designed to confirm the identity of: Users. Administrators, Developers, etc. Software systems (apps, reporting tools, etc). Physical and logical nodes where the database runs on. Best practices: Create login credentials for each entity that will need access to the database. Enforce authentication between nodes. MongoDB Authentication 18 MUG Madrid 22 March 2017
MongoDB Authorization Resources<--Actions<--Privileges<--Roles-->Users Authorization governs what an User is allowed to do in the resource. Best practices: Grant minimal access to users (only to those they need to perform their functions). Group common access privileges into roles rather than having to define them individually for each user. Control access to sensitive data (restrict permissions to individual fields). 19 MUG Madrid 22 March 2017
MongoDB Auditing Auditing can detect: Attempts to access unauthorized data. Changes to database configuration for each entity, recording: Change action. Identity. Timestamp. Changes to data: Capture every query or write operation, filtering only those fields you need. 20 MUG Madrid 22 March 2017
MongoDB Encryption Encryption is the encoding of data, in transit or at rest, enabling only authorised users to read it. Encrypt Connections to the Database: Internal communications between castles. Connections via drivers or shell. Access to castles. Encrypt Data at Rest (On-disk encryption of the database’s data files). Sign and Rotate Encryption Keys (Encryption keys for network and disk encryption should be periodically rotated). 21 MUG Madrid 22 March 2017
Installation of firewalls. Network configurations. Defining file system permissions. Creation of physical access controls to the IT environment. DBA and Developer training. Database provisioning, monitoring and backup. Database maintenance. MongoDB Environmental and Process Control 22 MUG Madrid 22 March 2017
Configuration - mongod.conf Auth enables authorization to control users access to castle resources and its actions. ... security: keyFile: "/data/key/replicaset.key" authorization: "enabled" ... 23 MUG Madrid 22 March 2017
Configuration - Key file $ openssl rand -base64 755 > /data/key/replicaset.key $ chmod 400 /data/key/replicaset.key The key file stores the shared secret that MongoDB castles use to authenticate to each other in a County or Kingdom. 24 MUG Madrid 22 March 2017
Roles userAdminAnyDatabase clusterManager clusterMonitor backup restore dbAdmin readWrite read 25 MUG Madrid 22 March 2017
Roles - userAdminAnyDatabase The King. He can create users, roles and grant or revoke roles to any user. > use admin; > db.createUser( { user: "uuuu", pwd: "pppp", roles: [ { role: "userAdminAnyDatabase", db: "admin" } ] }); 26 MUG Madrid 22 March 2017
Roles - clusterManager The King's architect who manage the configuration of the castles (Replica Set & Cluster). > use admin; > db.createUser( { user: "uuuu", pwd: "pppp", roles: [ { role: "clusterManager", db: "admin" } ] }); 27 MUG Madrid 22 March 2017
Roles - clusterMonitor Architect of the King who watches over the state of the kingdom (OPS & Cloud Manager). > use admin; > db.createUser( { user: "uuuu", pwd: "pppp", roles: [ { role: "clusterMonitor", db: "admin" } ] }); 28 MUG Madrid 22 March 2017
King’s Employee who stores its goods in a safe place outside the Kingdom. > use admin; > db.createUser( { user: "uuuu", pwd: "pppp", roles: [ { role: "backup", db: "admin" } ] }); Roles - backup 29 MUG Madrid 22 March 2017
King’s Employee who restores its goods when it is necessary. > use admin; > db.createUser( { user: "uuuu", pwd: "pppp", roles: [ { role: "restore", db: "admin" } ] }); Roles - restore 30 MUG Madrid 22 March 2017
Roles - dbAdmin Database Administrator > use test; > db.createUser( { user: "uuuu", pwd: "pppp", roles: [ { role: "dbAdmin", db: "test" } ] }); 31 MUG Madrid 22 March 2017
Castle’s visitors who exchange goods. > use test; > db.createUser( { user: "uuuu", pwd: "pppp", roles: [ { role: "readWrite", db: "test" } ] }); Roles - readWrite 32 MUG Madrid 22 March 2017
Castle’s visitors who only want to view what there is inside. > use test; > db.createUser( { user: "uuuu", pwd: "pppp", roles: [ { role: "read", db: "test" }, { role: "readWrite", db: "test2" } ] }); Roles - read 33 MUG Madrid 22 March 2017
Roles Each role is scoped to the database in which it has been created. A role can only include privileges that apply to its database and can only inherit from other roles in its database. A role created in the admin database can include privileges that apply to the admin database, other databases or to the cluster resource, and can inherit from roles in other databases as well as the admin database. > use admin; > db.system.roles.find(); 34 MUG Madrid 22 March 2017
Field-Level Security (Read-Only Views) Restrict access to sensitive data. Non-materialized views expose only a subset of data from a collection. This view is generated from an aggregation over another collection/s or view. Permissions granted against the view are specified separately from permissions granted to the underlying collection/s. > db.createView('viewName', 'originalCollection', [ { aggregationStages } ]); > db.system.views.find(); 35 MUG Madrid 22 March 2017
Questions? 36 MUG Madrid 22 March 2017
Thank you! Thank you for your attention! 37 MongoDB User Group 22 March 2017, Madrid

Recommended

Mongo db security guide
Mongo db security guideMongo db security guide
Mongo db security guideDeysi Gmarra
 
Introduction to Protractor - Habilelabs
Introduction to Protractor - HabilelabsIntroduction to Protractor - Habilelabs
Introduction to Protractor - HabilelabsHabilelabs
 
Security Features in MongoDB 2.4
Security Features in MongoDB 2.4Security Features in MongoDB 2.4
Security Features in MongoDB 2.4MongoDB
 
MongoDB Security Introduction - Presentation
MongoDB Security Introduction - PresentationMongoDB Security Introduction - Presentation
MongoDB Security Introduction - PresentationHabilelabs
 
MongoDB FabLab León
MongoDB FabLab LeónMongoDB FabLab León
MongoDB FabLab LeónJuan Antonio Roy Couto
 
MongoDB Schema Design Tips & Tricks
MongoDB Schema Design Tips & TricksMongoDB Schema Design Tips & Tricks
MongoDB Schema Design Tips & TricksJuan Antonio Roy Couto
 
Mongo db improve the performance of your application codemotion2016
Mongo db improve the performance of your application codemotion2016Mongo db improve the performance of your application codemotion2016
Mongo db improve the performance of your application codemotion2016Juan Antonio Roy Couto
 
MongoDB Workshop Universidad de Huelva
MongoDB Workshop Universidad de HuelvaMongoDB Workshop Universidad de Huelva
MongoDB Workshop Universidad de HuelvaJuan Antonio Roy Couto
 

Recommended

Mongo db security guide
Mongo db security guideMongo db security guide
Mongo db security guideDeysi Gmarra
 
Introduction to Protractor - Habilelabs
Introduction to Protractor - HabilelabsIntroduction to Protractor - Habilelabs
Introduction to Protractor - HabilelabsHabilelabs
 
Security Features in MongoDB 2.4
Security Features in MongoDB 2.4Security Features in MongoDB 2.4
Security Features in MongoDB 2.4MongoDB
 
MongoDB Security Introduction - Presentation
MongoDB Security Introduction - PresentationMongoDB Security Introduction - Presentation
MongoDB Security Introduction - PresentationHabilelabs
 
MongoDB FabLab León
MongoDB FabLab LeónMongoDB FabLab León
MongoDB FabLab LeónJuan Antonio Roy Couto
 
MongoDB Schema Design Tips & Tricks
MongoDB Schema Design Tips & TricksMongoDB Schema Design Tips & Tricks
MongoDB Schema Design Tips & TricksJuan Antonio Roy Couto
 
Mongo db improve the performance of your application codemotion2016
Mongo db improve the performance of your application codemotion2016Mongo db improve the performance of your application codemotion2016
Mongo db improve the performance of your application codemotion2016Juan Antonio Roy Couto
 
MongoDB Workshop Universidad de Huelva
MongoDB Workshop Universidad de HuelvaMongoDB Workshop Universidad de Huelva
MongoDB Workshop Universidad de HuelvaJuan Antonio Roy Couto
 
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% Secure
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% SecureCall me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% Secure
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% SecurePooja Nehwal
 
Call Girls Begur Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Begur Just Call 👗 7737669865 👗 Top Class Call Girl Service BangaloreCall Girls Begur Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Begur Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangaloreamitlee9823
 
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al Barsha
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al BarshaAl Barsha Escorts $#$ O565212860 $#$ Escort Service In Al Barsha
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al BarshaAroojKhan71
 
Cheap Rate Call girls Sarita Vihar Delhi 9205541914 shot 1500 night
Cheap Rate Call girls Sarita Vihar Delhi 9205541914 shot 1500 nightCheap Rate Call girls Sarita Vihar Delhi 9205541914 shot 1500 night
Cheap Rate Call girls Sarita Vihar Delhi 9205541914 shot 1500 nightDelhi Call girls
 
Mature dropshipping via API with DroFx.pptx
Mature dropshipping via API with DroFx.pptxMature dropshipping via API with DroFx.pptx
Mature dropshipping via API with DroFx.pptxolyaivanovalion
 
ALSO dropshipping via API with DroFx.pptx
ALSO dropshipping via API with DroFx.pptxALSO dropshipping via API with DroFx.pptx
ALSO dropshipping via API with DroFx.pptxolyaivanovalion
 
CebaBaby dropshipping via API with DroFX.pptx
CebaBaby dropshipping via API with DroFX.pptxCebaBaby dropshipping via API with DroFX.pptx
CebaBaby dropshipping via API with DroFX.pptxolyaivanovalion
 
CHEAP Call Girls in Saket (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Saket (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Saket (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Saket (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Smarteg dropshipping via API with DroFx.pptx
Smarteg dropshipping via API with DroFx.pptxSmarteg dropshipping via API with DroFx.pptx
Smarteg dropshipping via API with DroFx.pptxolyaivanovalion
 
(NEHA) Call Girls Katra Call Now 8617697112 Katra Escorts 24x7
(NEHA) Call Girls Katra Call Now 8617697112 Katra Escorts 24x7(NEHA) Call Girls Katra Call Now 8617697112 Katra Escorts 24x7
(NEHA) Call Girls Katra Call Now 8617697112 Katra Escorts 24x7Call Girls in Nagpur High Profile Call Girls
 
Halmar dropshipping via API with DroFx
Halmar dropshipping via API with DroFxHalmar dropshipping via API with DroFx
Halmar dropshipping via API with DroFxolyaivanovalion
 
Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...
Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...
Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...Delhi Call girls
 
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...amitlee9823
 
Vip Mumbai Call Girls Thane West Call On 9920725232 With Body to body massage...
Vip Mumbai Call Girls Thane West Call On 9920725232 With Body to body massage...Vip Mumbai Call Girls Thane West Call On 9920725232 With Body to body massage...
Vip Mumbai Call Girls Thane West Call On 9920725232 With Body to body massage...amitlee9823
 
Vip Mumbai Call Girls Marol Naka Call On 9920725232 With Body to body massage...
Vip Mumbai Call Girls Marol Naka Call On 9920725232 With Body to body massage...Vip Mumbai Call Girls Marol Naka Call On 9920725232 With Body to body massage...
Vip Mumbai Call Girls Marol Naka Call On 9920725232 With Body to body massage...amitlee9823
 
VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...
VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...
VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...SUHANI PANDEY
 
Mg Road Call Girls Service: 🍓 7737669865 🍓 High Profile Model Escorts | Banga...
Mg Road Call Girls Service: 🍓 7737669865 🍓 High Profile Model Escorts | Banga...Mg Road Call Girls Service: 🍓 7737669865 🍓 High Profile Model Escorts | Banga...
Mg Road Call Girls Service: 🍓 7737669865 🍓 High Profile Model Escorts | Banga...amitlee9823
 
Abortion pills in Doha Qatar (+966572737505 ! Get Cytotec
Abortion pills in Doha Qatar (+966572737505 ! Get CytotecAbortion pills in Doha Qatar (+966572737505 ! Get Cytotec
Abortion pills in Doha Qatar (+966572737505 ! Get CytotecAbortion pills in Riyadh +966572737505 get cytotec
 
Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...amitlee9823
 
FESE Capital Markets Fact Sheet 2024 Q1.pdf
FESE Capital Markets Fact Sheet 2024 Q1.pdfFESE Capital Markets Fact Sheet 2024 Q1.pdf
FESE Capital Markets Fact Sheet 2024 Q1.pdfMarinCaroMartnezBerg
 
2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by HubspotMarius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTExpeed Software
 

More Related Content

Recently uploaded

Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% Secure
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% SecureCall me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% Secure
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% SecurePooja Nehwal
 
Call Girls Begur Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Begur Just Call 👗 7737669865 👗 Top Class Call Girl Service BangaloreCall Girls Begur Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Begur Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangaloreamitlee9823
 
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al Barsha
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al BarshaAl Barsha Escorts $#$ O565212860 $#$ Escort Service In Al Barsha
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al BarshaAroojKhan71
 
Cheap Rate Call girls Sarita Vihar Delhi 9205541914 shot 1500 night
Cheap Rate Call girls Sarita Vihar Delhi 9205541914 shot 1500 nightCheap Rate Call girls Sarita Vihar Delhi 9205541914 shot 1500 night
Cheap Rate Call girls Sarita Vihar Delhi 9205541914 shot 1500 nightDelhi Call girls
 
Mature dropshipping via API with DroFx.pptx
Mature dropshipping via API with DroFx.pptxMature dropshipping via API with DroFx.pptx
Mature dropshipping via API with DroFx.pptxolyaivanovalion
 
ALSO dropshipping via API with DroFx.pptx
ALSO dropshipping via API with DroFx.pptxALSO dropshipping via API with DroFx.pptx
ALSO dropshipping via API with DroFx.pptxolyaivanovalion
 
CebaBaby dropshipping via API with DroFX.pptx
CebaBaby dropshipping via API with DroFX.pptxCebaBaby dropshipping via API with DroFX.pptx
CebaBaby dropshipping via API with DroFX.pptxolyaivanovalion
 
Smarteg dropshipping via API with DroFx.pptx
Smarteg dropshipping via API with DroFx.pptxSmarteg dropshipping via API with DroFx.pptx
Smarteg dropshipping via API with DroFx.pptxolyaivanovalion
 
Halmar dropshipping via API with DroFx
Halmar dropshipping via API with DroFxHalmar dropshipping via API with DroFx
Halmar dropshipping via API with DroFxolyaivanovalion
 
Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...
Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...
Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...Delhi Call girls
 
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...amitlee9823
 
Vip Mumbai Call Girls Thane West Call On 9920725232 With Body to body massage...
Vip Mumbai Call Girls Thane West Call On 9920725232 With Body to body massage...Vip Mumbai Call Girls Thane West Call On 9920725232 With Body to body massage...
Vip Mumbai Call Girls Thane West Call On 9920725232 With Body to body massage...amitlee9823
 
Vip Mumbai Call Girls Marol Naka Call On 9920725232 With Body to body massage...
Vip Mumbai Call Girls Marol Naka Call On 9920725232 With Body to body massage...Vip Mumbai Call Girls Marol Naka Call On 9920725232 With Body to body massage...
Vip Mumbai Call Girls Marol Naka Call On 9920725232 With Body to body massage...amitlee9823
 
VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...
VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...
VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...SUHANI PANDEY
 
Mg Road Call Girls Service: 🍓 7737669865 🍓 High Profile Model Escorts | Banga...
Mg Road Call Girls Service: 🍓 7737669865 🍓 High Profile Model Escorts | Banga...Mg Road Call Girls Service: 🍓 7737669865 🍓 High Profile Model Escorts | Banga...
Mg Road Call Girls Service: 🍓 7737669865 🍓 High Profile Model Escorts | Banga...amitlee9823
 
Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...amitlee9823
 
FESE Capital Markets Fact Sheet 2024 Q1.pdf
FESE Capital Markets Fact Sheet 2024 Q1.pdfFESE Capital Markets Fact Sheet 2024 Q1.pdf
FESE Capital Markets Fact Sheet 2024 Q1.pdfMarinCaroMartnezBerg
 

Recently uploaded (20)

Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% Secure
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% SecureCall me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% Secure
Call me @ 9892124323 Cheap Rate Call Girls in Vashi with Real Photo 100% Secure
 
Call Girls Begur Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Begur Just Call 👗 7737669865 👗 Top Class Call Girl Service BangaloreCall Girls Begur Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Begur Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
 
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al Barsha
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al BarshaAl Barsha Escorts $#$ O565212860 $#$ Escort Service In Al Barsha
Al Barsha Escorts $#$ O565212860 $#$ Escort Service In Al Barsha
 
Cheap Rate Call girls Sarita Vihar Delhi 9205541914 shot 1500 night
Cheap Rate Call girls Sarita Vihar Delhi 9205541914 shot 1500 nightCheap Rate Call girls Sarita Vihar Delhi 9205541914 shot 1500 night
Cheap Rate Call girls Sarita Vihar Delhi 9205541914 shot 1500 night
 
Mature dropshipping via API with DroFx.pptx
Mature dropshipping via API with DroFx.pptxMature dropshipping via API with DroFx.pptx
Mature dropshipping via API with DroFx.pptx
 
ALSO dropshipping via API with DroFx.pptx
ALSO dropshipping via API with DroFx.pptxALSO dropshipping via API with DroFx.pptx
ALSO dropshipping via API with DroFx.pptx
 
CebaBaby dropshipping via API with DroFX.pptx
CebaBaby dropshipping via API with DroFX.pptxCebaBaby dropshipping via API with DroFX.pptx
CebaBaby dropshipping via API with DroFX.pptx
 
CHEAP Call Girls in Saket (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Saket (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Saket (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Saket (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
Smarteg dropshipping via API with DroFx.pptx
Smarteg dropshipping via API with DroFx.pptxSmarteg dropshipping via API with DroFx.pptx
Smarteg dropshipping via API with DroFx.pptx
 
(NEHA) Call Girls Katra Call Now 8617697112 Katra Escorts 24x7
(NEHA) Call Girls Katra Call Now 8617697112 Katra Escorts 24x7(NEHA) Call Girls Katra Call Now 8617697112 Katra Escorts 24x7
(NEHA) Call Girls Katra Call Now 8617697112 Katra Escorts 24x7
 
Halmar dropshipping via API with DroFx
Halmar dropshipping via API with DroFxHalmar dropshipping via API with DroFx
Halmar dropshipping via API with DroFx
 
Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...
Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...
Call Girls in Sarai Kale Khan Delhi 💯 Call Us 🔝9205541914 🔝( Delhi) Escorts S...
 
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...
Chintamani Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore ...
 
Vip Mumbai Call Girls Thane West Call On 9920725232 With Body to body massage...
Vip Mumbai Call Girls Thane West Call On 9920725232 With Body to body massage...Vip Mumbai Call Girls Thane West Call On 9920725232 With Body to body massage...
Vip Mumbai Call Girls Thane West Call On 9920725232 With Body to body massage...
 
Vip Mumbai Call Girls Marol Naka Call On 9920725232 With Body to body massage...
Vip Mumbai Call Girls Marol Naka Call On 9920725232 With Body to body massage...Vip Mumbai Call Girls Marol Naka Call On 9920725232 With Body to body massage...
Vip Mumbai Call Girls Marol Naka Call On 9920725232 With Body to body massage...
 
VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...
VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...
VIP Model Call Girls Hinjewadi ( Pune ) Call ON 8005736733 Starting From 5K t...
 
Mg Road Call Girls Service: 🍓 7737669865 🍓 High Profile Model Escorts | Banga...
Mg Road Call Girls Service: 🍓 7737669865 🍓 High Profile Model Escorts | Banga...Mg Road Call Girls Service: 🍓 7737669865 🍓 High Profile Model Escorts | Banga...
Mg Road Call Girls Service: 🍓 7737669865 🍓 High Profile Model Escorts | Banga...
 
Abortion pills in Doha Qatar (+966572737505 ! Get Cytotec
Abortion pills in Doha Qatar (+966572737505 ! Get CytotecAbortion pills in Doha Qatar (+966572737505 ! Get Cytotec
Abortion pills in Doha Qatar (+966572737505 ! Get Cytotec
 
Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Junnasandra Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
 
FESE Capital Markets Fact Sheet 2024 Q1.pdf
FESE Capital Markets Fact Sheet 2024 Q1.pdfFESE Capital Markets Fact Sheet 2024 Q1.pdf
FESE Capital Markets Fact Sheet 2024 Q1.pdf
 

Featured

2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by HubspotMarius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTExpeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsPixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfmarketingartwork
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024Neil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)contently
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsKurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summarySpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentLily Ray
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesVit Horky
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project managementMindGenius
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...RachelPearson36
 

Featured (20)

2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPT
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage Engineerings
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture Code
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best Practices
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
 

MongoDB Security Users & Roles

  • 1. MongoDB Security (Users & Roles) MongoDB User Group 22 March 2017, Madrid
  • 2. Who am I Juan Roy Twitter: @juanroycouto Email: juanroycouto@gmail.com MongoDB DBA at Grupo Undanet 2 MUG Madrid 22 March 2017
  • 3. The Kingdom The Castle The King The Collaborators The Castle Goods The Emissary MongoDB - Characters 3 MUG Madrid 22 March 2017 The Moat of the Castle The Visitors The Auditor The Monitor The King without Kingdom
  • 4. 4 MUG Madrid 22 March 2017 The MongoDB Kingdom
  • 5. If the security is not enabled at the castle everybody will be able to get into the rooms and take any goods. If the security is enabled nobody will be able to get into the castle before identifying. Companies outside the kingdom can deal with this. Without the secret key no castle will be able to join to the Kingdom. MongoDB - The Castle 5 MUG Madrid 22 March 2017
  • 6. userAdminAnyDatabase He decides his collaborators (users) to do the tasks (actions) needed in each room of the castle. Creates, grants and revokes roles to its collaborators MongoDB - The King 6 MUG Madrid 22 March 2017
  • 7. They must do specific tasks. They are not allowed to do any tasks that are not in their role. They only can work in their workplaces > db.createUser({ user: "uuuu", pwd: "pppp", roles: [ { role: "roleName", db: "dbName" } ] }); > db.system.users.find(); MongoDB - The Collaborators 7 MUG Madrid 22 March 2017
  • 8. MongoDB - The Roles 8 MUG Madrid 22 March 2017 Roles must be standard. When a new collaborator is named assumes the role's tasks of the last one. In the role are written down the tasks to do and the places the tasks must be done by the King's collaborator (Kingdom, castle, database, etc). MongoDB offers built-in roles and the possibility to create new ones depending on our needs.
  • 9. > db.createRole({ role: "roleName", privileges: [ { resource: { db : “dbName”, collection : “collectionName” }, actions: [ 'actionName' ] } ], roles: [ { role : 'fatherRole', db : 'dbName'} ] }); > db.grantRolesToUser(‘uuuu’, [ { role : ‘roleName’, db : ‘dbname’ } ]); > db.revokeRolesFromUser(‘uuuu’, [ { role : ‘roleName’, db : ‘dbname’ } ]); MongoDB - The Roles 9 MUG Madrid 22 March 2017
  • 10. Castle assets (data) are guarded in rooms where nobody knows what's inside (disk encryption). To access the goods is necessary a key that has to match which the guardian has. MongoDB - The Castle Goods 10 MUG Madrid 22 March 2017
  • 11. He carries the messages from one castle to another (Replica Set). These messages must be encrypted (network encryption). MongoDB - The Emissary 11 MUG Madrid 22 March 2017
  • 12. Firewalls Limit incoming traffic on a specific port to specific systems and limit incoming traffic from untrusted hosts. Virtual Private Networks VPNs make possible to link two networks over an encrypted and limited-access trusted network. MongoDB - The Moat of the Castle 12 MUG Madrid 22 March 2017
  • 13. read-only views The castle’s visitors (physical persons or apps) are allowed to view only the goods the King is interested in. > db.createView( 'viewName', 'originalCollection', [ { aggregationStages } ] ); MongoDB - The Visitors 13 MUG Madrid 22 March 2017
  • 14. Auditing Records the following operations: CRUD Operations. Schema (DDL). Authentication & Authorization. Replica Set & Sharded Cluster. MongoDB - The Auditor 14 MUG Madrid 22 March 2017
  • 15. Monitoring He monitors the goods exchanges and the state of the kingdom’s castles. From land (OPS Manager). And also from the air (Cloud Manager). MongoDB - The Monitor 15 MUG Madrid 22 March 2017
  • 16. For those Kings without Kingdom exists a paradise (MongoDB Atlas) where they can: Rent the castles they need. With all the security measures. And fully monitored, both goods and castles. MongoDB - The King without Kingdom 16 MUG Madrid 22 March 2017
  • 17. User Access Management MongoDB Authentication MongoDB Authorization MongoDB Auditing (forensic analysis) MongoDB Encryption (data protection over the network -TLS- and at-rest) Environmental & Process Control MongoDB Security Features 17 MUG Madrid 22 March 2017
  • 18. Designed to confirm the identity of: Users. Administrators, Developers, etc. Software systems (apps, reporting tools, etc). Physical and logical nodes where the database runs on. Best practices: Create login credentials for each entity that will need access to the database. Enforce authentication between nodes. MongoDB Authentication 18 MUG Madrid 22 March 2017
  • 19. MongoDB Authorization Resources<--Actions<--Privileges<--Roles-->Users Authorization governs what an User is allowed to do in the resource. Best practices: Grant minimal access to users (only to those they need to perform their functions). Group common access privileges into roles rather than having to define them individually for each user. Control access to sensitive data (restrict permissions to individual fields). 19 MUG Madrid 22 March 2017
  • 20. MongoDB Auditing Auditing can detect: Attempts to access unauthorized data. Changes to database configuration for each entity, recording: Change action. Identity. Timestamp. Changes to data: Capture every query or write operation, filtering only those fields you need. 20 MUG Madrid 22 March 2017
  • 21. MongoDB Encryption Encryption is the encoding of data, in transit or at rest, enabling only authorised users to read it. Encrypt Connections to the Database: Internal communications between castles. Connections via drivers or shell. Access to castles. Encrypt Data at Rest (On-disk encryption of the database’s data files). Sign and Rotate Encryption Keys (Encryption keys for network and disk encryption should be periodically rotated). 21 MUG Madrid 22 March 2017
  • 22. Installation of firewalls. Network configurations. Defining file system permissions. Creation of physical access controls to the IT environment. DBA and Developer training. Database provisioning, monitoring and backup. Database maintenance. MongoDB Environmental and Process Control 22 MUG Madrid 22 March 2017
  • 23. Configuration - mongod.conf Auth enables authorization to control users access to castle resources and its actions. ... security: keyFile: "/data/key/replicaset.key" authorization: "enabled" ... 23 MUG Madrid 22 March 2017
  • 24. Configuration - Key file $ openssl rand -base64 755 > /data/key/replicaset.key $ chmod 400 /data/key/replicaset.key The key file stores the shared secret that MongoDB castles use to authenticate to each other in a County or Kingdom. 24 MUG Madrid 22 March 2017
  • 26. Roles - userAdminAnyDatabase The King. He can create users, roles and grant or revoke roles to any user. > use admin; > db.createUser( { user: "uuuu", pwd: "pppp", roles: [ { role: "userAdminAnyDatabase", db: "admin" } ] }); 26 MUG Madrid 22 March 2017
  • 27. Roles - clusterManager The King's architect who manage the configuration of the castles (Replica Set & Cluster). > use admin; > db.createUser( { user: "uuuu", pwd: "pppp", roles: [ { role: "clusterManager", db: "admin" } ] }); 27 MUG Madrid 22 March 2017
  • 28. Roles - clusterMonitor Architect of the King who watches over the state of the kingdom (OPS & Cloud Manager). > use admin; > db.createUser( { user: "uuuu", pwd: "pppp", roles: [ { role: "clusterMonitor", db: "admin" } ] }); 28 MUG Madrid 22 March 2017
  • 29. King’s Employee who stores its goods in a safe place outside the Kingdom. > use admin; > db.createUser( { user: "uuuu", pwd: "pppp", roles: [ { role: "backup", db: "admin" } ] }); Roles - backup 29 MUG Madrid 22 March 2017
  • 30. King’s Employee who restores its goods when it is necessary. > use admin; > db.createUser( { user: "uuuu", pwd: "pppp", roles: [ { role: "restore", db: "admin" } ] }); Roles - restore 30 MUG Madrid 22 March 2017
  • 31. Roles - dbAdmin Database Administrator > use test; > db.createUser( { user: "uuuu", pwd: "pppp", roles: [ { role: "dbAdmin", db: "test" } ] }); 31 MUG Madrid 22 March 2017
  • 32. Castle’s visitors who exchange goods. > use test; > db.createUser( { user: "uuuu", pwd: "pppp", roles: [ { role: "readWrite", db: "test" } ] }); Roles - readWrite 32 MUG Madrid 22 March 2017
  • 33. Castle’s visitors who only want to view what there is inside. > use test; > db.createUser( { user: "uuuu", pwd: "pppp", roles: [ { role: "read", db: "test" }, { role: "readWrite", db: "test2" } ] }); Roles - read 33 MUG Madrid 22 March 2017
  • 34. Roles Each role is scoped to the database in which it has been created. A role can only include privileges that apply to its database and can only inherit from other roles in its database. A role created in the admin database can include privileges that apply to the admin database, other databases or to the cluster resource, and can inherit from roles in other databases as well as the admin database. > use admin; > db.system.roles.find(); 34 MUG Madrid 22 March 2017
  • 35. Field-Level Security (Read-Only Views) Restrict access to sensitive data. Non-materialized views expose only a subset of data from a collection. This view is generated from an aggregation over another collection/s or view. Permissions granted against the view are specified separately from permissions granted to the underlying collection/s. > db.createView('viewName', 'originalCollection', [ { aggregationStages } ]); > db.system.views.find(); 35 MUG Madrid 22 March 2017
  • 37. Thank you! Thank you for your attention! 37 MongoDB User Group 22 March 2017, Madrid