db.changeUserPassword()

On this page

Definition

db. changeUserPassword ( username, password )

Updates a user’s password. Run the method in the database where the user is defined, i.e. the database you created the user.

Parameter	Type	Description
`username`	string	Specifies an existing username with access privileges for this database.
`password`	string	Specifies the corresponding password.
`writeConcern`	document	Optional. The level of write concern for the creation operation. The `writeConcern` document takes the same fields as the `getLastError` command.

Required Access

To modify the password of another user on a database, you must have the changeAnyPassword action on that database.

Behavior

Warning

By default, db.changeUserPassword() sends all specified data to the MongoDB instance in cleartext. Use TLS transport encryption to protect communications between clients and the server, including the password sent by db.changeUserPassword(). For instructions on enabling TLS transport encryption, see Configure mongod and mongos for TLS/SSL.

MongoDB does not store the password in cleartext. The password is only vulnerable in transit between the client and the server, and only if TLS transport encryption is not enabled.

Example

The following operation changes the password of the user named accountUser in the products database to SOh3TbYhx8ypJPxmt1oOfL:

copy

use products
db.changeUserPassword("accountUser", "SOh3TbYhx8ypJPxmt1oOfL")

Docs

Docs4dev

Title here

db.changeUserPassword()

Definition

Required Access

Behavior

Example