MongoDB3.4创建用户

版权声明: https://blog.csdn.net/qq_35209838/article/details/85310304

角色

创建用户之前首先需要了解MongoDB内置角色的概念,这样才能在特定场景下创建出具有合适权限的用户。

角色分为内置角色 和 用户自定义角色,下面介绍一下内置角色。

Built-In Roles 内置角色
数据库用户角色:read,readWrite
数据库管理角色:dbAdmin,dbOwner,userAdmin
数据库集群角色:clusterAdmin,clusterManager,clusterMonitor,hostManager
备份恢复角色:backup,restore
所有数据库角色:readAnyDatabase,readWriteAnyDatabase,userAdminAnyDatabase,dbAdminAnyDatabase
超级管理员角色:root
内部角色:__system

MongoDB的用户隶属于创建它时所在的数据库(即 use 的那个库),用户认证也必须在同一个数据库下进行。

创建用户管理用户

//创建用户失败:test库下并不存在userAdminAnyDatabase角色(错误信息为 No role named userAdminAnyDatabase@test)
rs01:PRIMARY> db.createUser(
...   {
...     user: "useradmin",
...     pwd: "useradmin",
...     roles: [ { role: "userAdminAnyDatabase", db: "test" } ]
...   }
... )
2018-12-28T14:12:51.536+0800 E QUERY    [thread1] Error: couldn't add user: No role named userAdminAnyDatabase@test :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
DB.prototype.createUser@src/mongo/shell/db.js:1292:15
@(shell):1:1

//改为指定admin库后创建成功;该用户具有userAdminAnyDatabase这一管理用户的角色,可以在任意库下创建用户并授权。
rs01:PRIMARY> db.createUser(
...   {
...     user: "useradmin",
...     pwd: "useradmin",
...     roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
...   }
... )
Successfully added user: {
    "user" : "useradmin",
    "roles" : [
        {
            "role" : "userAdminAnyDatabase",
            "db" : "admin"
        }
    ]
} 

在 products库下创建无权限账号

[root@localhost ~]# mongo 10.238.162.33:27017
MongoDB shell version v3.4.18
connecting to: mongodb://10.238.162.33:27017/test
MongoDB server version: 3.4.18
rs01:PRIMARY> use admin;
switched to db admin
rs01:PRIMARY> db.auth('useradmin','useradmin');
1
rs01:PRIMARY> use products;
switched to db products
rs01:PRIMARY> db.createUser(
...    {
...      user: "user0",
...      pwd: "user0",
...      roles: [ ]
...    }
... )
Successfully added user: { "user" : "user0", "roles" : [ ] }
//该账号没有任何角色(roles 为空),因此没有权限查询集合
rs01:PRIMARY> db.auth('user0',user0'')
2018-12-28T14:27:06.743+0800 E QUERY    [thread1] SyntaxError: missing ) after argument list @(shell):1:21
rs01:PRIMARY> db.auth('user0','user0');
1
rs01:PRIMARY> 
rs01:PRIMARY> db.test.findOne();
2018-12-28T14:27:27.425+0800 E QUERY    [thread1] Error: error: {
	"ok" : 0,
	"errmsg" : "not authorized on products to execute command { find: \"test\", filter: {}, limit: 1.0, singleBatch: true }",
	"code" : 13,
	"codeName" : "Unauthorized"
} :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
DBCommandCursor@src/mongo/shell/query.js:702:1
DBQuery.prototype._exec@src/mongo/shell/query.js:117:28
DBQuery.prototype.hasNext@src/mongo/shell/query.js:288:5
DBCollection.prototype.findOne@src/mongo/shell/collection.js:294:10
@(shell):1:1

在 products库下创建只读账号

//用户认证必须在创建该账号的数据库下进行,因为账号是跟着库走的:useradmin创建于admin库,在products库下认证会失败
rs01:PRIMARY> db
products
rs01:PRIMARY> db.auth('useradmin','useradmin');
Error: Authentication failed.
0
rs01:PRIMARY> use admin;
switched to db admin
rs01:PRIMARY> db.auth('useradmin','useradmin');
1

//创建只读账号
rs01:PRIMARY> use products;
switched to db products
rs01:PRIMARY> 
rs01:PRIMARY> db.createUser(
...    {
...      user: "user1",
...      pwd: "user1",
...      roles: [ { role: "read", db: "products" } ]
...    }
... );
Successfully added user: {
	"user" : "user1",
	"roles" : [
		{
			"role" : "read",
			"db" : "products"
		}
	]
}
//使用user1用户查询test集合,可以成功(read角色允许读取)
rs01:PRIMARY> db.auth('user1','user1');
1
rs01:PRIMARY>  db.test.findOne();
{
	"_id" : ObjectId("5c24969eb8a6681e44bbdf49"),
	"order" : 0,
	"name" : "test0"
}
//使用user1用户插入数据,报错,因为read角色没有写权限
rs01:PRIMARY> db.test.insert({"name":"jack"});
WriteResult({
	"writeError" : {
		"code" : 13,
		"errmsg" : "not authorized on products to execute command { insert: \"test\", documents: [ { _id: ObjectId('5c25c5bf08e26a323fe49afa'), name: \"jack\" } ], ordered: true }"
	}
})

在 products库下创建读写账号

//创建读写账号
rs01:PRIMARY> use admin;
switched to db admin
rs01:PRIMARY> 
rs01:PRIMARY> db.auth('useradmin','useradmin');
1
rs01:PRIMARY> use products;
switched to db products
rs01:PRIMARY> db.createUser(
...    {
...      user: "user2",
...      pwd: "user2",
...      roles: [ { role: "readWrite", db: "products" } ]
...    }
... )
Successfully added user: {
	"user" : "user2",
	"roles" : [
		{
			"role" : "readWrite",
			"db" : "products"
		}
	]
}
//使用user2用户查询test集合数据,可以成功
rs01:PRIMARY>  db.auth('user2','user2');
1
rs01:PRIMARY> db.test.find();
{ "_id" : ObjectId("5c24969eb8a6681e44bbdf49"), "order" : 0, "name" : "test0" }
{ "_id" : ObjectId("5c24969eb8a6681e44bbdf4a"), "order" : 1, "name" : "test1" }

//使用user2用户插入数据,可以成功(readWrite角色具有写权限)
rs01:PRIMARY> db.test.insert({'name':'jack'});
WriteResult({ "nInserted" : 1 })

创建超级用户

rs01:PRIMARY> use admin;
switched to db admin
rs01:PRIMARY> db.auth('useradmin','useradmin')
1
rs01:PRIMARY> 
rs01:PRIMARY> 
rs01:PRIMARY> db.createUser(
...   {
...     user: "dba",
...     pwd: "dba",
...     roles: [ { role: "root", db: "admin" } ]
...   }
... );
Successfully added user: {
	"user" : "dba",
	"roles" : [
		{
			"role" : "root",
			"db" : "admin"
		}
	]
}


转载自blog.csdn.net/qq_35209838/article/details/85310304