my question is - is it possible to define user in the Mongo database who will be able to drop the database? Maximum user privilege is "dbAdmin" but that privilege doesn't allow users to drop the database, only collections can be dropped.
I know that "clusterAdmin" has rights to drop the database, but that role can't be defined in regular database, only in admin database...
4 Answers 4
No, it is not currently possible (in version 2.4) to create such a user/permission.
Permissions on a specific database grant permissions on entities contained in that database, but not on the database itself. Cluster level permission is needed to create or drop databases.
Reference: http://docs.mongodb.org/manual/reference/user-privileges/#database-administration-roles
Grant your user the "root" role and you will be able to delete the dbs. You do NOT have to disable authentication to do this, as long as you have an admin account this will work.
use admin;
db.grantRolesToUser("adminUser", ["root"]);
Now delete the database
use databaseToDelete;
db.dropDatabase();
One could use the dbOwner role
The database owner can perform any administrative action on the database. This role combines the privileges granted by the readWrite, dbAdmin and userAdmin roles.
E.g: creating a user:
db.createUser(
{
user: "myusername",
pwd: "mypassword-to-change",
roles: [
{
role: "dbOwner",
db: "mydatabase"
}
]
}
)
Though the answer from Asya will work, one quick way is to remove authentication from mongod.conf or start the server without authentication.
Then go to the database and drop the database. Restart the server with authentication.