db.changeUserPassword()

Definition

  • db.changeUserPassword(username, password)
  • Updates a user’s password. Run the method in the database where theuser is defined, i.e. the database you created the user.

ParameterTypeDescriptionusernamestringThe name of the user whose password you wish to change.passwordstringThe user’s password. The value can be either:

  • the user’s password in cleartext string, or
  • passwordPrompt() to prompt for the user’s password.

Tip

Starting in version 4.2 of the mongo shell, you canuse the passwordPrompt() method in conjunction withvarious user authentication/management methods/commands to promptfor the password instead of specifying the password directly in themethod/command call. However, you can still specify the passworddirectly as you would with earlier versions of themongo shell.

writeConcerndocumentOptional. The level of write concern for thecreation operation. The writeConcern document takes the samefields as the getLastError command.

Required Access

To modify the password of another user on a database, you must have thechangeAnyPassword actionon that database.

Behavior

Warning

By default, db.changeUserPassword() sends all specified data to the MongoDBinstance in cleartext, even if using passwordPrompt(). UseTLS transport encryption to protect communications between clientsand the server, including the password sent by db.changeUserPassword(). Forinstructions on enabling TLS transport encryption, seeConfigure mongod and mongos for TLS/SSL.

MongoDB does not store the password in cleartext. The passwordis only vulnerable in transit between the client and theserver, and only if TLS transport encryption is not enabled.

Example

The following operation changes the password of the user namedaccountUser in the products database to SOh3TbYhx8ypJPxmt1oOfL:

Tip

Starting in version 4.2 of the mongo shell, you canuse the passwordPrompt() method in conjunction withvarious user authentication/management methods/commands to promptfor the password instead of specifying the password directly in themethod/command call. However, you can still specify the passworddirectly as you would with earlier versions of themongo shell.

  1. use products
  2. db.changeUserPassword("accountUser", passwordPrompt())

When prompted in the mongo shell for the password, enterthe new password.

You can also pass the new password directly todb.changeUserPassword():

  1. use products
  2. db.changeUserPassword("accountUser", "SOh3TbYhx8ypJPxmt1oOfL")