• MongoDB用户权限管理


    MongoDB权限说明

    权限误区:并不是说下面的排序就证明权限越来越大除了 readWrite 权限用户外(root权限用户也包括),其它用户都不具备对数据库的写入权限,除 read 权限外,其它用户都不具备对数据库中的读权限,每个权限的功能各不一样(除root外)

    普通用户
    普通用户只是拥有下面的读写权限

    权限 说明
    Read 允许用户读取指定数据库
    readWrite 允许用户读写指定数据库
    管理用户
    管理用户具备下面说明的一些操作权限

    权限 说明
    dbAdmin 允许用户在指定数据库中指定管理函数,如(索引创建、删除、查看统计访问system.profile)
    userAdmin 允许用户向system.users集合写入,可以找指定数据里面创建、删除和管理用户
    clusterAdmin 只在admin数据库中可用,赋予用户所有分片和复制集相关函数的管理权限
    授权用户
    以下用户主要是为其它用户赋予相应的权限

    权限 说明
    readAnyDatabase 只在admin数据库中可用,赋予用户所有数据库的读权限
    readWriteAnyDatabase 只在admin数据库中可用,赋予用户所有数据库的读写权限
    userWriteAnyDatabase 只在admin数据库中可用,赋予用户所有数据库的userAdmin权限
    dbAdminAnyDatabase 只在admin数据库中可用,赋予用户所有数据库的dbAdmin权限
    超级管理员
    可以无所不能,为所欲为

    权限 说明
    root 只在admin数据库中可用,超级管理员
    mongodb安装好后第一次进入是不需要密码的,也没有任何用户,直接连接进入即可

    /usr/local/mongodb/bin/mongo --host 192.168.31.215 --port 27018
    创建管理用户

    > use admin
    switched to db admin
    > db.createUser ( {
    ... user:"manage",
    ... pwd:"123456",
    ... roles:[ { role:"root", db:"admin" } ]
    ... }
    ... )

    #返回以下信息代表创建成功
    Successfully added user: {
    "user" : "manage",
    "roles" : [
    {
    "role" : "root",
    "db" : "admin"
    }
    ]
    }
    退出登录,然后在mongodb配置文件中开启认证

    vim /usr/local/mongodb/27018/conf/mongod.conf
    security:
    authorization: enabled
    javascriptEnabled: true
    重启mongodb

    /usr/local/mongodb/bin/mongod --shutdown -f /usr/local/mongodb/27018/conf/mongod.conf
    /usr/local/mongodb/bin/mongod -f /usr/local/mongodb/27018/conf/mongod.conf
    连接mongodb

    /usr/local/mongodb/bin/mongo --host 192.168.31.215 --port 27018
    MongoDB shell version v4.2.0
    connecting to: mongodb://192.168.31.215:27018/?compressors=disabled&gssapiServiceName=mongodb
    Implicit session: session { "id" : UUID("fc77266a-b2ff-4eb0-b6ca-c493c7c29143") }
    MongoDB server version: 4.2.0
    > use admin #进入admin库中先进行账号认证
    switched to db admin
    > db.auth('manage','123456') #认证账号,值返回1代表认证成功
    1
    mongdb库创建读写用户

    > db.createUser( {
    ... user:"zhangsan",
    ... pwd:"zhangsan",
    ... roles:[ { role:"readWrite", db:"mongdb" } ]
    ... }
    ... )
    Successfully added user: {
    "user" : "zhangsan",
    "roles" : [
    {
    "role" : "readWrite",
    "db" : "mongdb"
    }
    ]
    }
    验证创建的zhangsan用户(不需要退出登录)

    > use admin
    switched to db admin
    > db.auth('zhangsan','zhangsan')
    1
    > show dbs #查看数据库,因为mongdb数据库存储数据,所以看不到
    > use mongdb #直接 use 到mongdb数据库中
    switched to db mongdb

    #插入 json 格式文档到 coll 集合中
    > db.coll.insert({"name": "Zhangsan","url": "http://abcops.cn","age": 25,"isNonProfit": true,})
    WriteResult({ "nInserted" : 1 })
    > show collections #查看已存在集合
    coll
    > db.coll.find() #读取集合中的数据
    { "_id" : ObjectId("5d8b24c2f1c33f4950f2c5df"), "name" : "Zhangsan", "url" : "http://abcops.cn", "age" : 25, "isNonProfit" : true }
    以上完成了读写权限的验证

    一个用户多个权限

    为 lisi 用户授权 01db read权限 02db readWrite 03db dbAdmin权限 04db userAdmin权限
    这次先把数据库创建出来

    > use admin
    switched to db admin
    > db.auth('manage','123456')
    1

    > use 01db
    switched to db 01db
    > db.coll.insert({"name": "01db","url": "http://abcops.cn","age": 25,"isNonProfit": true,})
    WriteResult({ "nInserted" : 1 })

    > use 02db
    switched to db 02db
    > db.coll.insert({"name": "02db","url": "http://abcops.cn","age": 25,"isNonProfit": true,})
    WriteResult({ "nInserted" : 1 })

    > use 03db
    switched to db 03db
    > db.coll.insert({"name": "03db","url": "http://abcops.cn","age": 25,"isNonProfit": true,})
    WriteResult({ "nInserted" : 1 })

    > use 04db
    switched to db 04db
    > db.coll.insert({"name": "04db","url": "http://abcops.cn","age": 25,"isNonProfit": true,})
    WriteResult({ "nInserted" : 1 })
    创建用户并授权

    > db.createUser( {
    ... user:"lisi",
    ... pwd:"123456",
    ... roles: [ { role:"read",db:"01db" },
    ... { role:"readWrite",db:"02db" },
    ... { role:"dbAdmin",db:"03db" },
    ... { role:"userAdmin",db:"04db" } ]
    ... }
    ... )
    Successfully added user: {
    "user" : "lisi",
    "roles" : [
    {
    "role" : "read",
    "db" : "01db"
    },
    {
    "role" : "readWrite",
    "db" : "02db"
    },
    {
    "role" : "dbAdmin",
    "db" : "03db"
    },
    {
    "role" : "userAdmin",
    "db" : "04db"
    }
    ]
    }
    查看所有用户

    > show users
    {
    "_id" : "admin.admin",
    "userId" : UUID("9958faa5-7132-4146-8775-a001e47fe7f8"),
    "user" : "admin",
    "db" : "admin",
    "roles" : [
    {
    "role" : "root",
    "db" : "admin"
    }
    ],
    "mechanisms" : [
    "SCRAM-SHA-1"
    ]
    }
    {
    "_id" : "admin.lisi",
    "userId" : UUID("bc8e5dc7-2f8c-40c1-8190-cea4951ae4a1"),
    "user" : "lisi",
    "db" : "admin",
    "roles" : [
    {
    "role" : "read",
    "db" : "01db"
    },
    {
    "role" : "readWrite",
    "db" : "02db"
    },
    {
    "role" : "dbAdmin",
    "db" : "03db"
    },
    {
    "role" : "userAdmin",
    "db" : "04db"
    }
    ],
    "mechanisms" : [
    "SCRAM-SHA-1"
    ]
    }
    {
    "_id" : "admin.manage",
    "userId" : UUID("e1b34f57-06f2-4ef1-b23a-2d46a3964fbf"),
    "user" : "manage",
    "db" : "admin",
    "roles" : [
    {
    "role" : "root",
    "db" : "admin"
    }
    ],
    "mechanisms" : [
    "SCRAM-SHA-1"
    ]
    }
    {
    "_id" : "admin.micvs",
    "userId" : UUID("1f4837c7-8c14-40d4-8a21-d621e0bcc278"),
    "user" : "micvs",
    "db" : "admin",
    "roles" : [
    {
    "role" : "dbAdminAnyDatabase",
    "db" : "admin"
    }
    ],
    "mechanisms" : [
    "SCRAM-SHA-1",
    "SCRAM-SHA-256"
    ]
    }
    {
    "_id" : "admin.zhangsan",
    "userId" : UUID("1003726b-c7fc-44e6-b001-b5c828bfb40d"),
    "user" : "zhangsan",
    "db" : "admin",
    "roles" : [
    {
    "role" : "readWrite",
    "db" : "mongdb"
    }
    ],
    "mechanisms" : [
    "SCRAM-SHA-1"
    ]
    }

  • 相关阅读:
    【转载】stm32的GPIO八种工作模式
    常用数字滤波算法总结
    ST-LINK使用注意
    【转载】深入理解嵌入式开发
    【stm32中断优先级--珍藏版】
    对飞控的理解(一)
    【转载】c语言数据的左移右移
    四轴之第一炸
    linux下查看隐藏文件
    Jetson TK1 五:移植工控机程序到板上
  • 原文地址:https://www.cnblogs.com/guarderming/p/13238082.html
Copyright © 2020-2023  润新知