MongoDB 3.4: Creating Users


    Roles

    Before creating users you first need to understand MongoDB's built-in roles, so that for a given scenario you can create a user with exactly the privileges it needs.

    Roles fall into built-in roles and user-defined roles; the built-in roles are introduced below.

    Built-In Roles
    Database user roles: read, readWrite
    Database administration roles: dbAdmin, dbOwner, userAdmin
    Cluster administration roles: clusterAdmin, clusterManager, clusterMonitor, hostManager
    Backup and restore roles: backup, restore
    All-database roles: readAnyDatabase, readWriteAnyDatabase, userAdminAnyDatabase, dbAdminAnyDatabase
    Superuser role: root
    Internal role: __system

    The cluster, backup/restore, all-database, root and __system roles are defined only in the admin database. Any role that can create users or grant roles (userAdmin on admin, userAdminAnyDatabase, root) can grant any role, including root, so such an account is a superuser-equivalent credential and must be protected as carefully as root itself.

    A MongoDB user is created in a specific database (its authentication database), and authentication must also be performed against that same database. Roles are only enforced when the server runs with access control enabled (mongod --auth, or security.authorization: enabled in the config file); without it every client has full access no matter which users exist.

    Creating the user-management user

    //User creation fails: the shell is on the test database, and userAdminAnyDatabase is defined only in admin, so there is no role userAdminAnyDatabase@test
    rs01:PRIMARY> db.createUser(
    ...   {
    ...     user: "useradmin",
    ...     pwd: "useradmin",
    ...     roles: [ { role: "userAdminAnyDatabase", db: "test" } ]
    ...   }
    ... )
    2018-12-28T14:12:51.536+0800 E QUERY    [thread1] Error: couldn't add user: No role named userAdminAnyDatabase@test :
    _getErrorWithCode@src/mongo/shell/utils.js:25:13
    DB.prototype.createUser@src/mongo/shell/db.js:1292:15
    @(shell):1:1
    
    //After switching to the admin database (use admin) the same command succeeds. The user now lives in admin, holds the user-management role, and can create and grant users in any database.
    rs01:PRIMARY> db.createUser(
    ...   {
    ...     user: "useradmin",
    ...     pwd: "useradmin",
    ...     roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
    ...   }
    ... )
    Successfully added user: {
        "user" : "useradmin",
        "roles" : [
            {
                "role" : "userAdminAnyDatabase",
                "db" : "admin"
            }
        ]
    } 

    Creating a user with no privileges in the products database

    [root@localhost ~]# mongo 10.238.162.33:27017
    MongoDB shell version v3.4.18
    connecting to: mongodb://10.238.162.33:27017/test
    MongoDB server version: 3.4.18
    rs01:PRIMARY> use admin;
    switched to db admin
    rs01:PRIMARY> db.auth('useradmin','useradmin');
    1
    rs01:PRIMARY> use products;
    switched to db products
    rs01:PRIMARY> db.createUser(
    ...    {
    ...      user: "user0",
    ...      pwd: "user0",
    ...      roles: [ ]
    ...    }
    ... )
    Successfully added user: { "user" : "user0", "roles" : [ ] }
    //A user with no roles can authenticate but is not authorized to query any collection
    rs01:PRIMARY> db.auth('user0','user0');
    1
    rs01:PRIMARY> 
    rs01:PRIMARY> db.test.findOne();
    2018-12-28T14:27:27.425+0800 E QUERY    [thread1] Error: error: {
    	"ok" : 0,
    	"errmsg" : "not authorized on products to execute command { find: "test", filter: {}, limit: 1.0, singleBatch: true }",
    	"code" : 13,
    	"codeName" : "Unauthorized"
    } :
    _getErrorWithCode@src/mongo/shell/utils.js:25:13
    DBCommandCursor@src/mongo/shell/query.js:702:1
    DBQuery.prototype._exec@src/mongo/shell/query.js:117:28
    DBQuery.prototype.hasNext@src/mongo/shell/query.js:288:5
    DBCollection.prototype.findOne@src/mongo/shell/collection.js:294:10
    @(shell):1:1
    

    Creating a read-only user in the products database

    //Authentication must also be done against the user's own database, because a user belongs to the database it was created in: useradmin does not exist in products, so db.auth() fails there and succeeds in admin
    rs01:PRIMARY> db
    products
    rs01:PRIMARY> db.auth('useradmin','useradmin');
    Error: Authentication failed.
    0
    rs01:PRIMARY> use admin;
    switched to db admin
    rs01:PRIMARY> db.auth('useradmin','useradmin');
    1
    
    //Create the read-only user
    rs01:PRIMARY> use products;
    switched to db products
    rs01:PRIMARY> 
    rs01:PRIMARY> db.createUser(
    ...    {
    ...      user: "user1",
    ...      pwd: "user1",
    ...      roles: [ { role: "read", db: "products" } ]
    ...    }
    ... );
    Successfully added user: {
    	"user" : "user1",
    	"roles" : [
    		{
    			"role" : "read",
    			"db" : "products"
    		}
    	]
    }
    //Query the test collection as user1: allowed. Note that the 3.4 shell keeps useradmin's credentials on the connection when user1 also authenticates, so this session runs with the union of both users' privileges; for a clean check open a fresh connection with mongo -u user1 -p --authenticationDatabase products
    rs01:PRIMARY> db.auth('user1','user1');
    1
    rs01:PRIMARY>  db.test.findOne();
    {
    	"_id" : ObjectId("5c24969eb8a6681e44bbdf49"),
    	"order" : 0,
    	"name" : "test0"
    }
    //Insert as user1: rejected, because the read role carries no write privilege
    rs01:PRIMARY> db.test.insert({"name":"jack"});
    WriteResult({
    	"writeError" : {
    		"code" : 13,
    		"errmsg" : "not authorized on products to execute command { insert: "test", documents: [ { _id: ObjectId('5c25c5bf08e26a323fe49afa'), name: "jack" } ], ordered: true }"
    	}
    })
    

    Creating a read-write user in the products database

    //Create the read-write user
    rs01:PRIMARY> use admin;
    switched to db admin
    rs01:PRIMARY> 
    rs01:PRIMARY> db.auth('useradmin','useradmin');
    1
    rs01:PRIMARY> use products;
    switched to db products
    rs01:PRIMARY> db.createUser(
    ...    {
    ...      user: "user2",
    ...      pwd: "user2",
    ...      roles: [ { role: "readWrite", db: "products" } ]
    ...    }
    ... )
    Successfully added user: {
    	"user" : "user2",
    	"roles" : [
    		{
    			"role" : "readWrite",
    			"db" : "products"
    		}
    	]
    }
    //Query the test collection as user2
    rs01:PRIMARY>  db.auth('user2','user2');
    1
    rs01:PRIMARY> db.test.find();
    { "_id" : ObjectId("5c24969eb8a6681e44bbdf49"), "order" : 0, "name" : "test0" }
    { "_id" : ObjectId("5c24969eb8a6681e44bbdf4a"), "order" : 1, "name" : "test1" }
    
    //Insert a document: allowed with readWrite
    rs01:PRIMARY> db.test.insert({'name':'jack'});
    WriteResult({ "nInserted" : 1 })

    Creating a superuser

    Note that this root user is created by useradmin, which holds nothing but userAdminAnyDatabase: that role alone is enough to mint a root account, which is why it has to be guarded like root itself.

    rs01:PRIMARY> use admin;
    switched to db admin
    rs01:PRIMARY> db.auth('useradmin','useradmin')
    1
    rs01:PRIMARY> 
    rs01:PRIMARY> 
    rs01:PRIMARY> db.createUser(
    ...   {
    ...     user: "dba",
    ...     pwd: "dba",
    ...     roles: [ { role: "root", db: "admin" } ]
    ...   }
    ... );
    Successfully added user: {
    	"user" : "dba",
    	"roles" : [
    		{
    			"role" : "root",
    			"db" : "admin"
    		}
    	]
    }
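    The following is an added example, not code from the original post. It encodes, in plain JavaScript for Node (no driver and no server required), the rules the transcripts above demonstrate, so that a user spec can be checked before db.createUser() is run: the all-database, cluster, backup/restore, root and __system roles exist only in admin (the "No role named userAdminAnyDatabase@test" error); a user defined outside admin may hold only roles on its own database, while a user defined in admin may hold roles on any database (an assumed server rule, consistent with useradmin having to be created in admin); and a user authenticates against the database it was created in, so a connection string must name that database as authSource. The function names checkUserSpec, connectionUri and canPerform, and the user specs at the bottom, are constructed here from the post's transcripts.

```javascript
// Added example; not code from the original post. Names chosen here:
// checkUserSpec, connectionUri, canPerform. Assumed server rule: a user
// defined outside admin may only hold roles on its own database.

const ADMIN_ONLY_ROLES = new Set([
  "readAnyDatabase", "readWriteAnyDatabase", "userAdminAnyDatabase",
  "dbAdminAnyDatabase", "clusterAdmin", "clusterManager", "clusterMonitor",
  "hostManager", "backup", "restore", "root", "__system",
]);
const DB_ROLES = new Set(["read", "readWrite", "dbAdmin", "dbOwner", "userAdmin"]);

// spec = { db, user, pwd, roles }; a role entry is "read" (meaning the user's
// own db, as the shell allows) or { role, db }.
function normalizeRoles(spec) {
  return (spec.roles || []).map(r => (typeof r === "string" ? { role: r, db: spec.db } : r));
}

// Pre-flight check of a user spec. Errors are what the server would reject;
// warnings are things a reviewer should look at before granting.
function checkUserSpec(spec) {
  const errors = [], warnings = [];
  if (!spec.db || !spec.user || !spec.pwd) errors.push("db, user and pwd are required");
  if (spec.pwd && spec.pwd === spec.user) warnings.push("password equals the user name");
  const roles = normalizeRoles(spec);
  if (roles.length === 0) warnings.push("no roles: the user can authenticate but do nothing");
  for (const { role, db } of roles) {
    if (ADMIN_ONLY_ROLES.has(role) && db !== "admin") {
      errors.push(`No role named ${role}@${db}: ${role} is defined only in admin`);
    } else if (!ADMIN_ONLY_ROLES.has(role) && !DB_ROLES.has(role)) {
      warnings.push(`${role}@${db} is not built in; it must be a user-defined role`);
    }
    if (spec.db !== "admin" && db !== spec.db) {
      errors.push(`roles on '${db}' cannot be granted to a user defined on '${spec.db}'`);
    }
    // Whoever can create users or grant roles can hand out more than they hold.
    if (["root", "__system", "userAdminAnyDatabase"].includes(role) ||
        (["userAdmin", "dbOwner"].includes(role) && db === "admin")) {
      warnings.push(`${role}@${db} can grant any role, including root: treat as superuser`);
    } else if (["userAdmin", "dbOwner"].includes(role)) {
      warnings.push(`${role}@${db} can grant any role on ${db}`);
    }
  }
  return { ok: errors.length === 0, errors, warnings };
}

// Connection string that authenticates against the user's own database, the
// reason db.auth('useradmin', ...) fails in products and succeeds in admin.
function connectionUri(host, spec) {
  const u = encodeURIComponent(spec.user), p = encodeURIComponent(spec.pwd);
  return `mongodb://${u}:${p}@${host}/${spec.db}?authSource=${spec.db}`;
}

// Privileges of the roles used in the post, limited to the three actions it
// exercises; "own" = the role's own db, "any" = every db.
const PRIVILEGES = {
  read:                 { actions: ["find"],                         scope: "own" },
  readWrite:            { actions: ["find", "insert"],               scope: "own" },
  userAdmin:            { actions: ["createUser"],                   scope: "own" },
  dbOwner:              { actions: ["find", "insert", "createUser"], scope: "own" },
  readAnyDatabase:      { actions: ["find"],                         scope: "any" },
  readWriteAnyDatabase: { actions: ["find", "insert"],               scope: "any" },
  userAdminAnyDatabase: { actions: ["createUser"],                   scope: "any" },
  root:                 { actions: ["find", "insert", "createUser"], scope: "any" },
};

// Predict whether the user described by spec may run `action` on targetDb.
// Roles outside PRIVILEGES throw rather than silently answering "no".
function canPerform(spec, targetDb, action) {
  return normalizeRoles(spec).some(({ role, db }) => {
    const p = PRIVILEGES[role];
    if (!p) throw new Error(`role ${role} is not modelled here`);
    return (p.scope === "any" || db === targetDb) && p.actions.includes(action);
  });
}

// The five users from the post, constructed here from its transcripts.
const USERADMIN = { db: "admin", user: "useradmin", pwd: "useradmin",
                    roles: [{ role: "userAdminAnyDatabase", db: "admin" }] };
const USER0 = { db: "products", user: "user0", pwd: "user0", roles: [] };
const USER1 = { db: "products", user: "user1", pwd: "user1", roles: ["read"] };
const USER2 = { db: "products", user: "user2", pwd: "user2", roles: ["readWrite"] };
const DBA   = { db: "admin", user: "dba", pwd: "dba", roles: [{ role: "root", db: "admin" }] };

for (const spec of [USERADMIN, USER0, USER1, USER2, DBA]) {
  console.log(spec.user, checkUserSpec(spec), connectionUri("10.238.162.33:27017", spec));
}
console.log("user1 insert on products:", canPerform(USER1, "products", "insert")); // false, as in the post
```

    Errors mirror what the server rejects outright; warnings are the review points (a no-role user, a password equal to the user name, and any role that can grant root) that the server accepts silently but a practitioner should sign off on.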
    Original source: https://www.cnblogs.com/DBABlog/p/12926931.html