Database users should be able to change their own passwords
Currently, there is no way for Database Users to manage their own passwords, (even if they are atlasAdmin@admin). Moreover, as a Project Owner, I cannot create a role that allows them to do so, e.g.:
use admin
db.createRole(
{ role: "changeOwnPasswordRole",
privileges: [
{
resource: { db: "", collection: ""},
actions: [ "changeOwnPassword"]
}
],
roles: []
}
)
As such, changing passwords always requires a Project Owner setting the new password and sharing it with the Database User. This is a problem, because user-password combinations known by more than one person do not serve as proof of identity.
A Database User should, either by default or via a role, have the changeOwnPassword
Mongo permission, so they can change their own passwords without having to share them with someone else (i.e. a Project Owner).
29
votes
![](https://secure.gravatar.com/avatar/f55ed1aaf619557cb171046b79418a7d?size=40&default=https%3A%2F%2Fassets.uvcdn.com%2Fpkg%2Fadmin%2Ficons%2Fuser_70-6bcf9e08938533adb9bac95c3e487cb2a6d4a32f890ca6fdc82e3072e0ea0368.png)