1. User permissions overview
2. User creation syntax
{
  user: "<name>",                      // user: the user's name
  pwd: "<cleartext password>",         // pwd: the user's password
  customData: { <any information> },   // customData: arbitrary content
  roles: [                             // roles: the user's roles; an empty array creates the user with no roles
    { role: "<role>", db: "<database>" } | "<role>",
    ...
  ]
}
The roles field accepts both built-in roles and user-defined roles.
3. Create an administrator user
3.1 Switch to the admin database
> use admin
Create an administrative user with the root role:
> db.createUser(
{
user: "root",
pwd: "root",
roles: [ { role: "root", db: "admin" } ]
}
)
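Note:
A user with an administrator role must be created in the admin database. To delete a user, you must likewise switch to the database in which that user was created.
3.2 View the collections after creating the user
> use admin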
> show collections;
system.users # where users are stored
system.version
> db.system.users.find().pretty()
{
"_id" : "admin.root",
"user" : "root",
"db" : "admin",
"credentials" : {
"SCRAM-SHA-1" : {
"iterationCount" : 10000,
"salt" : "v3v1oEvwvX70i+ENCkSiLQ==",
"storedKey" : "aswu2GvDubCXFokl72ZVYzgW1DA=",
"serverKey" : "6maLC10hXo+MJACBWhkwEfRuRkE="
}
},
"roles" : [
{
"role" : "root",
"db" : "admin"
}
]
}
> show users   # only lists users of the current database
{
"_id" : "admin.root",
"user" : "root",
"db" : "admin",
"roles" : [
{
"role" : "root",
"db" : "admin"
}
]
}
3.3 Verify that the user works
> db.auth("root","root")
1 # a return value of 1 means success
3.4 After the user is created, enable authentication in the configuration file
cat >>/etc/mongod.conf<<-'EOF'
security:
  authorization: enabled
EOF
The service must be restarted afterwards.
4. Log in to MongoDB
Method 1: authenticate from the command line
[mongod@MongoDB ~]$ mongo -uroot -proot admin
MongoDB shell version: 3.2.8
connecting to: admin
Method 2: authenticate from inside the shell:
[mongod@MongoDB ~]$ mongo
MongoDB shell version: 3.2.8
connecting to: test
> use admin
switched to db admin
> db.auth("root","root")
1
> show tables;
system.users
system.version
5. Create application users according to production requirements
5.1 Create a read-only user
5.1.1 Create the read-only user test in the test database
use test
db.createUser(
{
user: "test",
pwd: "test",
roles: [ { role: "read", db: "test" } ]
}
)
5.1.2 Check that the user was created successfully
db.auth("test","test")
show users;
5.1.3 Log in as the test user and check that it is read-only
show collections;
db.createCollection('b')
5.2 Create a read-write user for a database
5.2.1 Create the user test1 with read-write permission
db.createUser(
{
user: "test1",
pwd: "test1",
roles: [ { role: "readWrite", db: "test" } ]
}
)
5.2.2 List and test the user
show users;
db.auth("test1","test1")
5.3 Create a user with different permissions on multiple databases
5.3.1 Create a user with read-write permission on app and read-only permission on test
use app
db.createUser(
{
user: "app",
pwd: "app",
roles: [ { role: "readWrite", db: "app" },
{ role: "read", db: "test" }
]
}
)
5.3.2 List and test the user
show users
db.auth("app","app")
6. Delete a user
1. To delete the app user, first log in to the admin database
mongo -uroot -proot 127.0.0.1/admin
2. Switch to the app database and delete the app user
use app
db.dropUser("app")
7. Custom databases
1. Create an administrator for the app database: first log in to the admin database
use app
db.createUser(
{
user: "admin",
pwd: "admin",
roles: [ { role: "dbAdmin", db: "app" } ]
}
)
2. Create a user with read-write permission on the app database who also has the clusterAdmin role:
use app
db.createUser(
{
user: "app04",
pwd: "app04",
roles: [ { role: "readWrite", db: "app" },
{ role: "clusterAdmin", db: "admin" }
]
}
)
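The accounts created above all use a password equal to the user name, and app04 combines an application role with clusterAdmin. As an added example (not part of the original page), the following JavaScript lints createUser() specs for those patterns before they are run; auditSpec, auditAll and CLUSTER_WIDE are hypothetical names, and the svc account in the sample is constructed.

```javascript
// Added example: lint createUser() specs before they are run.
// CLUSTER_WIDE, auditSpec and auditAll are names made up for this sketch.
// Built-in roles whose privileges span the whole deployment, not one database.
const CLUSTER_WIDE = new Set([
  "root", "clusterAdmin", "userAdminAnyDatabase",
  "readWriteAnyDatabase", "dbAdminAnyDatabase",
]);

// spec: the object passed to db.createUser(); homeDb: the database selected
// with `use <db>` when it is run (the user's authentication database).
function auditSpec(homeDb, spec) {
  const findings = [];
  if (spec.pwd === spec.user) findings.push("password equals user name");
  // A role entry is either { role, db } or a bare "<role>" meaning homeDb.
  const roles = (spec.roles || []).map((r) =>
    typeof r === "string" ? { role: r, db: homeDb } : r);
  if (roles.length === 0) findings.push("no roles assigned");
  for (const { role, db } of roles) {
    if (CLUSTER_WIDE.has(role)) {
      findings.push(homeDb === "admin"
        ? `cluster-wide role ${role}: confirm this is an administrator account`
        : `cluster-wide role ${role} on a user defined in ${homeDb}`);
    } else if (db !== homeDb) {
      findings.push(`cross-database grant ${role}@${db}`);
    }
  }
  return findings;
}
// Returns { "<homeDb>.<user>": [findings] } for the specs that have findings.
function auditAll(entries) {
  const report = {};
  for (const [homeDb, spec] of entries) {
    const f = auditSpec(homeDb, spec);
    if (f.length) report[`${homeDb}.${spec.user}`] = f;
  }
  return report;
}

// Constructed input: three accounts from this page plus a made-up "svc"
// account (placeholder password) that passes every check.
const SAMPLE = [
  ["admin", { user: "root", pwd: "root", roles: [{ role: "root", db: "admin" }] }],
  ["app", { user: "app", pwd: "app",
            roles: [{ role: "readWrite", db: "app" }, { role: "read", db: "test" }] }],
  ["app", { user: "app04", pwd: "app04",
            roles: [{ role: "readWrite", db: "app" }, { role: "clusterAdmin", db: "admin" }] }],
  ["app", { user: "svc", pwd: "<long random secret>", roles: ["readWrite"] }],
];
console.log(JSON.stringify(auditAll(SAMPLE), null, 2));
```

A cross-database grant such as read@test on the app user may be intentional; the report lists it so the grant is reviewed rather than treated as an error.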