https://www.cnblogs.com/mymelody/p/5906199.html
環(huán)境
MongoDB shell version: 3.2.6
Win 7
設(shè)置方法
用戶權(quán)限設(shè)置
1操漠、進(jìn)入mongodb的shell :mongo
2藐守、切換數(shù)據(jù)庫:use admin
從3.0 版本起懒棉,默認(rèn)只有l(wèi)ocal庫,沒有admin庫硅则,需要我們自己來創(chuàng)建。
3斯嚎、添加用戶募闲,指定用戶的角色和數(shù)據(jù)庫:
db.createUser(?
? { user: "admin",?
? ? customData:{description:"superuser"},
? ? pwd: "admin",?
? ? roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]?
? }?
)?
user字段,為新用戶的名字张惹;
pwd字段舀锨,用戶的密碼岭洲;
cusomData字段宛逗,為任意內(nèi)容,例如可以為用戶全名介紹盾剩;
roles字段雷激,指定用戶的角色,可以用一個空數(shù)組給新用戶設(shè)定空角色告私。在roles字段,可以指定內(nèi)置角色和用戶定義的角色屎暇。
4、查看創(chuàng)建的用戶 :show users或db.system.users.find()
5驻粟、啟用用戶權(quán)限:
修改配置文件根悼,增加配置:
security:
? authorization: enabled
重新啟動mongodb
net stop mongodb;
net start mongodb;
6、用戶驗證使用:
啟用用戶驗證后蜀撑,再次登錄mongo shell 挤巡,執(zhí)行show dbs等命令會提示“沒有權(quán)限”。此時酷麦,需要用戶驗證登錄矿卑。
db.auth("admin","admin")
其他
內(nèi)建的角色
數(shù)據(jù)庫用戶角色:read、readWrite;
數(shù)據(jù)庫管理角色:dbAdmin沃饶、dbOwner母廷、userAdmin轻黑;
集群管理角色:clusterAdmin、clusterManager琴昆、clusterMonitor氓鄙、hostManager;
備份恢復(fù)角色:backup业舍、restore玖详;
所有數(shù)據(jù)庫角色:readAnyDatabase、readWriteAnyDatabase勤讽、userAdminAnyDatabase蟋座、dbAdminAnyDatabase
超級用戶角色:root
// 這里還有幾個角色間接或直接提供了系統(tǒng)超級用戶的訪問(dbOwner 、userAdmin脚牍、userAdminAnyDatabase)
內(nèi)部角色:__system
官方詳情角色說明 –>?傳送門
配置文件示例
官方詳解 –>傳送門
#此處為配置文件可配置的內(nèi)容
#Mongod config file
#MongoDB configuration files use the YAML format.
#The following example configuration file contains several mongod settings.
#
########Example Start########
#systemLog:
#? destination: file
#? path: "/var/log/mongodb/mongodb.log"#? logAppend: true#storage:
#? journal:
#? ? ? enabled: true#processManagement:
#? fork: true#net:
#? bindIp: 127.0.0.1#? port: 27017#setParameter:
#? enableLocalhostAuthBypass: false#
########Example End########
#
########Core Options
systemLog:
#? verbosity: 0? ? #Default: 0; 1 to 5 increases the verbosity level to include Debug messages.
#? quiet: #? traceAllException: #? syslogFacility: user
? path: "/usr/local/mongodb/log/mongod.log"? logAppend: true#? logRotate: ? ? #rename or reopen
? destination: file
#? timeStampFormat: iso8601-local
#? component:
#? ? ? accessControl:
#? ? ? ? verbosity: 0#? ? ? command:
#? ? ? ? verbosity: 0#? ? ? # COMMENT additional component verbosity settings omitted for brevity
#? ? ? storage:
#? ? ? ? verbosity: 0#? ? ? ? journal:
#? ? ? ? ? ? verbosity: #? ? ? write:
#? ? ? ? verbosity: 0#
#
########ProcessManagement Options
processManagement:
? fork: true? pidFilePath: "/usr/local/mongodb/log/mongod.pid"#
#
#########Net Options
net:
? port: 27017#? bindIp: ? ? #Default All interfaces.
#? maxIncomingConnections: 65536#? wireObjectCheck: true#? ipv6: false#? unixDomainSocket:
#? ? ? enabled: true#? ? ? pathPrefix: "/tmp"#? ? ? filePermissions: 0700#? http:
#? ? ? enabled: false#? ? ? JSONPEnabled: false#? ? ? RESTInterfaceEnabled: false#? ssl:
#? ? ? sslOnNormalPorts: ? # deprecated since 2.6#? ? ? mode: #? ? ? PEMKeyFile: #? ? ? PEMKeyPassword: #? ? ? clusterFile: #? ? ? clusterPassword: #? ? ? CAFile: #? ? ? CRLFile: #? ? ? allowConnectionsWithoutCertificates: #? ? ? allowInvalidCertificates: #? ? ? allowInvalidHostnames: false#? ? ? FIPSMode: #
#
########security Options
#security:
#? keyFile: #? clusterAuthMode: keyFile
#? authorization: disable
#? javascriptEnabled:? true########security.sasl Options
#? sasl:
#? ? ? hostName: #? ? ? serviceName: #? ? ? saslauthdSocketPath: #
#
#########setParameter Option
setParameter:
? enableLocalhostAuthBypass: false#? : #? : #
#
#########storage Options
storage:
? dbPath: "/data/db"#? indexBuildRetry: true#? repairPath: "/data/db/_tmp"#? journal:
#? ? ? enabled: true#? directoryPerDB: false#? syncPeriodSecs: 60? engine: "mmapv1"? #Valid options include mmapv1 and wiredTiger.
#########storage.mmapv1 Options
#? mmapv1:
#? ? ? preallocDataFiles: true#? ? ? nsSize: 16#? ? ? quota:
#? ? ? ? enforced: false#? ? ? ? maxFilesPerDB: 8#? ? ? smallFiles: false#? ? ? journal:
#? ? ? ? debugFlags: #? ? ? ? commitIntervalMs: 100? # 100 or 30#########storage.wiredTiger Options
#? wiredTiger:
#? ? ? engineConfig:
#? ? ? ? cacheSizeGB: ? #Default: the maximum of half of physical RAM or 1 gigabyte
#? ? ? ? statisticsLogDelaySecs: 0#? ? ? ? journalCompressor: "snappy"#? ? ? ? directoryForIndexes: false#? ? ? collectionConfig:
#? ? ? ? blockCompressor: "snappy"#? ? ? indexConfig:
#? ? ? ? prefixCompression: true#
#
##########operationProfiling Options
#operationProfiling:
#? slowOpThresholdMs: 100#? mode: "off"#
#
##########replication Options
#replication:
#? oplogSizeMB: #? replSetName: #? secondaryIndexPrefetch: all
#
#
##########sharding Options
#sharding:
#? clusterRole: ? ? #configsvr or shardsvr
#? archiveMovedChunks: True
#
#
#########auditLog Options
#auditLog:
#? destination: ? #syslog/console/file
#? format: ? #JSON/BSON#? path: #? filter: #
#
#########snmp Options
#snmp:
#? subagent: #? master: #
#
########mongos-only Options
#replication:
#? localPingThresholdMs: 15#
#sharding:
#? autoSplit: true#? configDB: #? chunkSize: 64#
#
########Windows Service Options
#processManagement:
#? windowsService:
#? ? ? serviceName: #? ? ? displayName: #? ? ? description: #? ? ? serviceUser: #? ? ? servicePassword:
