- Reference >
- Database Commands >
- User Management Commands >
- updateUser
updateUser¶
On this page
Definition¶
-
updateUser
¶ Updates the user’s profile on the database on which you run the command. An update to a field completely replaces the previous field’s values, including updates to the user’s
roles
array.Warning
When you update the
roles
array, you completely replace the previous array’s values. To add or remove roles without replacing all the user’s existing roles, use thegrantRolesToUser
orrevokeRolesFromUser
commands.The
updateUser
command uses the following syntax. To update a user, you must specify theupdateUser
field and at least one other field, other thanwriteConcern
:The command has the following fields:
Field Type Description updateUser
string The name of the user to update. pwd
string Optional. The user’s password. customData
document Optional. Any arbitrary information. roles
array Optional. The roles granted to the user. An update to the roles
array overrides the previous array’s values.digestPassword
boolean Optional. When true
, themongod
instance will create the hash of the user password; otherwise, the client is responsible for creating the hash of the password. Defaults totrue
.writeConcern
document Optional. The level of write concern for the update operation. The writeConcern
document takes the same fields as thegetLastError
command.In the
roles
field, you can specify both built-in roles and user-defined role.To specify a role that exists in the same database where
updateUser
runs, you can either specify the role with the name of the role:Or you can specify the role with a document, as in:
To specify a role that exists in a different database, specify the role with a document.
Behavior¶
Warning
By default, updateUser
sends all specified data to the MongoDB
instance in cleartext. Use TLS transport encryption to protect
communications between clients and the server,
including the password sent by updateUser
. For
instructions on enabling TLS transport encryption, see
Configure mongod and mongos for TLS/SSL.
MongoDB does not store the password in cleartext. The password is only vulnerable in transit between the client and the server, and only if TLS transport encryption is not enabled.
Required Access¶
You must have access that includes the revokeRole
action on all databases in order to update a
user’s roles
array.
You must have the grantRole
action on a role’s database to add a role to a user.
To change another user’s pwd
or customData
field, you must have
the changeAnyPassword
and changeAnyCustomData
actions respectively on that user’s database.
To modify your own password and custom data, you must have privileges
that grant changeOwnPassword
and
changeOwnCustomData
actions respectively on the user’s database.
Example¶
Given a user appClient01
in the products
database with the following
user info:
The following updateUser
command completely replaces the
user’s customData
and roles
data:
The user appClient01
in the products
database now has the following
user information: