• Document Database Service

dds
  1. Help Center
  2. Document Database Service
  3. User Guide
  4. Getting Started
  5. Managing Database Accounts

Managing Database Accounts

Scenarios

This section guides you through how to create a database account and change the account password to manage the instances you created.
NOTE:

When creating a database account for a specified DB instance, you are advised to enable the SSL connection to improve data security.

Prerequisites

The DDS DB instance has been connected. For details, see section Connecting to a DB Instance.

Account Description

To provide management services for DDS DB instances, users root, monitor, and backup are created when you create a DDS DB instance. Attempting to delete, rename, change the passwords, or change privileges for these accounts will result in errors.

You can change the password of the database administrator rwuser and any accounts you create.

Setting Password Strength for Database Accounts

  • For details on the database password strength requirements of the DDS console, see Table 4.
  • The DDS instance database uses comprehensive password security policies. The password of a DDS instance database account must meet the following conditions:
    • 8 to 32 characters in length
    • A combination of uppercase letters, lowercase letters, digits, and special characters: ~!@#%^*-_=+?

When you create DB instances, your password strength is checked. You can modify password strength as user rwuser. For security reasons, you are advised to set your password to equal or greater strength of the original one.

Creating an Account

  1. Run the following command to select the admin database:

    use admin

  2. Run the following command to create a database account (user1 as an example):

    db.createUser({user: "user1", pwd: "Test_12345", passwordDigestor:"server", roles:[{role: "root", db: "admin"}]})

    • server: indicates that the password is encrypted on the server.
    • Test_12345: indicates the example new password. The password must be 8 to 32 characters in length and contain uppercase letters, lowercase letters, digits, and special characters, such as ~@#%-_!*+=^?
    • roles restricts the rights of the account. If an empty array is specified, the account does not have any permission.

  3. Check the result:

    The account is successfully created if the following information is displayed:

    Successfully added user: {
            "user" : "user1",
            "passwordDigestor" : "server",
            "roles" : [
                    {
                            "role" : "root",
                            "db" : "admin"
                    }
            ]
    }

Changing a Password

  1. Run the following command to select the admin database:

    use admin

  2. Uses user user1 as an example. Run the following command to change its password:

    db.updateUser("user1", {passwordDigestor:"server",pwd:"newPasswd12#"})

    • server: indicates that the password is encrypted on the server.
    • newPasswd12#: indicates the example new password. The password must be 8 to 32 characters in length and contain uppercase letters, lowercase letters, digits, and special characters, such as ~@#%-_!*+=^?

  3. Check the setting result. The password is successfully changed if the following information is displayed:

    • Cluster
      mongos>
    • Replica set
      replica:PRIMARY>