Hello,
There are two things that could be corrected with what you have tried:
1. The command line you executed:> mongodump —username backupuser —password password123 —db db1
lacks the --authenticationDatabase admin parameter. Assuming that the backupuser user has the correct privilege, the command should be:
mongodump --username backupuser --password password123 --db db1 --authenticationDatabase admin
This should point mongodump to the admin database where the user information are stored, and the dump should be successful.
db.createUser(
{
user: “backupuser”,
pwd: “password123”,
roles: [ {role:”read”, db:”db1”} ]
}
)
using the read role is only valid for the specified database (in this case, db1).
Although this will work with your specified use case, for a more generic backup role, you need to create a user with a backup privilege in the admin database as described in the Backup and Restoration Roles documentation. For example:
db.createUser(
{
user: "backupuser",
pwd: "password123",
roles: [ "backup" ]
}
)
Afterward, you should be able to backup any database in your server with the same command:
mongodump --username backupuser --password password123 --db db1 --authenticationDatabase admin
If you are still having issues, please let us know your specific versions of MongoDB and mongodump,
Best regards,
Kevin
Hi Lyn,
There are two parts of MongoDB authentication: username and authentication database.
From the Authentication Database documentation:
“The user’s name and authentication database serve as a unique identifier for that user. That is, if two users have the same name but are created in different databases, they are two separate users. If you intend to have a single user with permissions on multiple databases, create a single user with roles in the applicable databases instead of creating the user multiple times in different databases.“
Regarding your question:
Otherwise to be able to connect to DB1 using USER1, I need to create the user explicitly in DB1 again and provide password. But will this password need to be the same as the password of the user USER1 which was created in admin ??
The USER1 you create in the DB1 database (let’s call it DB1.USER1) and the USER1 you create in the admin database (let’s call it admin.USER1) are two different users.
Which one you need to create depends on the role that USER1 plays:
DB1 database (DB1.USER1)admin database (admin.USER1).In general, there are two categories of roles: database-specific roles, and server-wide roles.
For database-specific roles, you need to create the user in the database. The roles are:
read and readWrite.dbAdmin, dbOwner, and userAdmin.For database-specific users, you would need to pass the --authenticationDatabase DatabaseName to either mongodump or mongo executables.
For server-wide roles, you need to create the user in the admin database. These roles can only be created in the admin database:
An example of a server-wide role is the backup role; a user with backup role created in the admin database is the only user you need to perform backup of any database in the server. Since this user must be created in the admin database, you would need to pass the --authenticationDatabase admin to mongodump to perform any backup job.
Best regards,
Kevin