角色
创建用户之前首先需要了解MongoDB内置角色的概念,这样才能在特定场景下创建出具有合适权限的用户。
角色分为内置角色和用户自定义角色,下面介绍一下内置角色。
Built-In Roles 内置角色
数据库用户角色:read,readWrite
数据库管理角色:dbAdmin,dbOwner,userAdmin
数据库集群角色:clusterAdmin,clusterManager,clusterMonitor,hostManager
备份恢复角色:backup,restore
所有数据库角色:readAnyDatabase,readWriteAnyDatabase,userAdminAnyDatabase,dbAdminAnyDatabase
超级管理员角色:root
内部角色:__system
MongoDB用户的创建需要指定数据库,用户认证也需要在指定数据库下进行。
创建用户管理用户
//创建用户失败,因为userAdminAnyDatabase这类AnyDatabase角色只定义在admin库下,test库中不存在该角色(见下方报错 No role named userAdminAnyDatabase@test)
rs01:PRIMARY> db.createUser(
... {
... user: "useradmin",
... pwd: "useradmin",
... roles: [ { role: "userAdminAnyDatabase", db: "test" } ]
... }
... )
2018-12-28T14:12:51.536+0800 E QUERY [thread1] Error: couldn't add user: No role named userAdminAnyDatabase@test :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
DB.prototype.createUser@src/mongo/shell/db.js:1292:15
@(shell):1:1
//指定admin库,创建用户成功。该用户具有管理用户的角色,可以在任意库下创建用户并授予角色(包括后文创建的root用户),因此它本身也是一个高权限账号。
rs01:PRIMARY> db.createUser(
... {
... user: "useradmin",
... pwd: "useradmin",
... roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
... }
... )
Successfully added user: {
"user" : "useradmin",
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
}
]
}
在 products库下创建无权限账号
[root@localhost ~]# mongo 10.238.162.33:27017
MongoDB shell version v3.4.18
connecting to: mongodb://10.238.162.33:27017/test
MongoDB server version: 3.4.18
rs01:PRIMARY> use admin;
switched to db admin
rs01:PRIMARY> db.auth('useradmin','useradmin');
1
rs01:PRIMARY> use products;
switched to db products
rs01:PRIMARY> db.createUser(
... {
... user: "user0",
... pwd: "user0",
... roles: [ ]
... }
... )
Successfully added user: { "user" : "user0", "roles" : [ ] }
//无权限账号没有权限查询集合
rs01:PRIMARY> db.auth('user0',user0'')
2018-12-28T14:27:06.743+0800 E QUERY [thread1] SyntaxError: missing ) after argument list @(shell):1:21
rs01:PRIMARY> db.auth('user0','user0');
1
rs01:PRIMARY>
rs01:PRIMARY> db.test.findOne();
2018-12-28T14:27:27.425+0800 E QUERY [thread1] Error: error: {
"ok" : 0,
"errmsg" : "not authorized on products to execute command { find: "test", filter: {}, limit: 1.0, singleBatch: true }",
"code" : 13,
"codeName" : "Unauthorized"
} :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
DBCommandCursor@src/mongo/shell/query.js:702:1
DBQuery.prototype._exec@src/mongo/shell/query.js:117:28
DBQuery.prototype.hasNext@src/mongo/shell/query.js:288:5
DBCollection.prototype.findOne@src/mongo/shell/collection.js:294:10
@(shell):1:1
在 products库下创建只读账号
//用户认证必须在创建该用户的库下进行,因为账号是归属于某个库的:在products库下认证useradmin会失败,切换到admin库后才能认证成功
rs01:PRIMARY> db
products
rs01:PRIMARY> db.auth('useradmin','useradmin');
Error: Authentication failed.
0
rs01:PRIMARY> use admin;
switched to db admin
rs01:PRIMARY> db.auth('useradmin','useradmin');
1
//创建只读账号
rs01:PRIMARY> use products;
switched to db products
rs01:PRIMARY>
rs01:PRIMARY> db.createUser(
... {
... user: "user1",
... pwd: "user1",
... roles: [ { role: "read", db: "products" } ]
... }
... );
Successfully added user: {
"user" : "user1",
"roles" : [
{
"role" : "read",
"db" : "products"
}
]
}
//使用user1用户查询test集合,可以成功(read角色允许读取)
rs01:PRIMARY> db.auth('user1','user1');
1
rs01:PRIMARY> db.test.findOne();
{
"_id" : ObjectId("5c24969eb8a6681e44bbdf49"),
"order" : 0,
"name" : "test0"
}
//使用user1用户插入数据,报错,因为没有写权限
rs01:PRIMARY> db.test.insert({"name":"jack"});
WriteResult({
"writeError" : {
"code" : 13,
"errmsg" : "not authorized on products to execute command { insert: "test", documents: [ { _id: ObjectId('5c25c5bf08e26a323fe49afa'), name: "jack" } ], ordered: true }"
}
})
在 products库下创建读写账号
//创建读写账号
rs01:PRIMARY> use admin;
switched to db admin
rs01:PRIMARY>
rs01:PRIMARY> db.auth('useradmin','useradmin');
1
rs01:PRIMARY> use products;
switched to db products
rs01:PRIMARY> db.createUser(
... {
... user: "user2",
... pwd: "user2",
... roles: [ { role: "readWrite", db: "products" } ]
... }
... )
Successfully added user: {
"user" : "user2",
"roles" : [
{
"role" : "readWrite",
"db" : "products"
}
]
}
//查询test集合数据
rs01:PRIMARY> db.auth('user2','user2');
1
rs01:PRIMARY> db.test.find();
{ "_id" : ObjectId("5c24969eb8a6681e44bbdf49"), "order" : 0, "name" : "test0" }
{ "_id" : ObjectId("5c24969eb8a6681e44bbdf4a"), "order" : 1, "name" : "test1" }
//插入数据
rs01:PRIMARY> db.test.insert({'name':'jack'});
WriteResult({ "nInserted" : 1 })
创建超级用户
rs01:PRIMARY> use admin;
switched to db admin
rs01:PRIMARY> db.auth('useradmin','useradmin')
1
rs01:PRIMARY>
rs01:PRIMARY>
rs01:PRIMARY> db.createUser(
... {
... user: "dba",
... pwd: "dba",
... roles: [ { role: "root", db: "admin" } ]
... }
... );
Successfully added user: {
"user" : "dba",
"roles" : [
{
"role" : "root",
"db" : "admin"
}
]
}