Following good practice we put user credentials into the non-replicated admin database. Note the empty role array for admin.
$ use admin
$ db.auth('root','***')
$ db.addUser({user:'new_user',pwd:'***',otherDBRoles: { peachy_prod: ['read']}, roles: []})
We then reference the new user in the actual db.
$ use peachy_prod
$ db.addUser({user:'new_user',userSource:'admin', roles: ['read']})
Now we can auth against the admin database and obtain the authorization to access the actual db.
$ use admin
$ db.auth('new_user','***')
$ use actual_db
Posted by Andreas Wagner to Toolbox Cash on Go's deck (2015-09-10 14:17)