How Do I Avoid Orphaned Users in MongoDB

[Carlos]

We've got auth enabled on our replSet and I have a database called "cal2017" which currently has about 25 users w/ various roles granted to them. We noticed last maintenance that simply doing:

use cal2017
switched to db cal2017

db.dropDatabase()
{ "ok" : 1 }

Then I check my admin.system.users collection and I can see I have 25 orphaned users for the deleted database.

db.system.users.find( { _id : { $regex : /cal2017./ } } ).pretty()
{
 "_id" : "cal2017.cmennens",
 "user" : "cmennens",
 "db" : "cal2017",
 "credentials" : {...}
}

Is there a way to avoid having to remove x users from the database before I drop it? I can't imagine a DBA sitting there to script out removing all these users prior to doing a drop. Thanks for any info!

[Kevin Adistambha]

Hi Carlos

Is there a way to avoid having to remove x users from the database before I drop it? I can’t imagine a DBA sitting there to script out removing all these users prior to doing a drop.

You can use the command db.dropAllUsers() to achieve this. Please note that you must run this command from the associated database, and please execute this command with extreme care. Accidentally executing this command on the admin database would make your whole deployment inaccessible, with restoring from backup the only method to recover from this situation.

Additionally, you can use the command db.getUsers() to list all the users in a database.

Best regards,
Kevin

​