Mongoimport not working

I am having an issue with this lab. When I set the authenticationDatabase to applicationData, I get an error on SASL authentication, now, if I change it for “admin” it gets connected but I receive an inserting error an all the items being imported.

The mongoimport command is at the bottom of the picture

Hi,

–authenticationDatabase should be set to ‘admin’. Also you’re missing -d (–db) parameter which should be set to ‘applicationData’ database.

1 Like

Thank you viraj, that worked, I have a question, if the user and password are used to import into applicationData products collection, why do we need to specify the admin database in the authenticateDatabase?Does admin keeps all the users, passords and roles for all the databases or each single database store this information on their own? Thank you

@Ernesto_47832 I don’t believe its technically required as you can create users in any database AFAIK. I think its recommended for simplicity, ease of management to keep them in admin(or a single) database. For the purposes of the example(s) though they were all created in the admin database.

HTH,
Mike

Thank you Mike, this is very important for me to understand, so that means that any database is able to store any user information of any or all databases?

If that is the case, how can you segregate user permissions for different users/databases. Do you know where is this information stored inside the database? I thought that users information would be stored in the specific database where the authentication is taking place.

And if I may add, in a secure environment you would want to create different user databases for different department or division. For example:

If you have 2 divisions, accouting and management, you would want paul@accouting be able to create users in the accountingUsers db and john@management be able to create users in the managementUsers db. Otherwise, with a single user database, paul@accouting could create users and give them access to management db and john@management could create users and give them access to the accouting db. Both could be called userAdmin@ when the user is created in the respective user db.

1 Like

@Ernesto_47832I’m not aware that it physically stores in any place on the database you executed the create from. From looking at the admin database, there is system.users collection that gets updated even when you create the user on a different database, which is likely because the admin database needs to be available for management of the system.

That should be independent of how you structure your roles and users though, similar to what @steevej-1495 mentioned.

@Mike_67094 is correct. All users, even when created for other database, are stored in the admin database.

The db field indicate the authentication database of the user. The user _id field is a dot separated concatenation of the authentication database and the user name as seen from the output of db.system.users.find(…).

{
“_id” : “managementUsers.userAdmin”,
“user” : “userAdmin”,
“db” : “managementUsers”
}
{
“_id” : “accountingUsers.userAdmin”,
“user” : “userAdmin”,
“db” : “accountingUsers”
}

You can see the same output with the users’ role at https://pastebin.com/UseWYA5C.

Thank you all for your answers. All good now