• MongoDB 3.2 user permission management and configuration


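    Environment

    MongoDB shell version: 3.2.6

    Win 7

    Setup

    User permission setup

    • 1. Start the MongoDB shell: mongo

    • 2. Switch to the admin database: use admin

    Since version 3.0, only the local database exists by default; there is no admin database, so we have to create it ourselves.

    • 3. Add a user, specifying the user's roles and database: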
      db.createUser(
        { user: "admin",
          customData: {description: "superuser"},
          pwd: "admin",
          roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
        }
      )
      
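      The user field is the new user's name;

      the pwd field is the user's password;

      the customData field holds arbitrary content, for example a description with the user's full name;

      the roles field specifies the user's roles; an empty array gives the new user no roles. The roles field accepts both built-in roles and user-defined roles.
    • 4. View the created users: show users or db.system.users.find()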

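    • 5. Enable access control:

    Edit the configuration file and add:

    security:
      authorization: enabled

    Restart MongoDB:

    net stop mongodb;
    net start mongodb;
    • 6. Authenticate as the user:

    Once authentication is enabled, logging in to the mongo shell again and running commands such as show dbs reports a "no permission" error. You now have to authenticate against the admin database, where the user was created.

    use admin
    db.auth("admin","admin")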

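    Other notes

    Built-in roles

    1. Database user roles: read, readWrite;
    2. Database administration roles: dbAdmin, dbOwner, userAdmin;
    3. Cluster administration roles: clusterAdmin, clusterManager, clusterMonitor, hostManager;
    4. Backup and restore roles: backup, restore;
    5. All-database roles: readAnyDatabase, readWriteAnyDatabase, userAdminAnyDatabase, dbAdminAnyDatabase
    6. Superuser role: root
    7. // Several other roles also provide system superuser access, directly or indirectly (dbOwner, userAdmin, userAdminAnyDatabase)
    8. Internal role: __system

    Official role reference –> link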
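
An added example (not from the original post) that applies the note in item 7 to user documents such as those returned by db.system.users.find(): it lists every user holding a role that grants superuser access directly or indirectly. Scoping dbOwner and userAdmin to the admin database follows MongoDB's role documentation; the function names and sample users are constructed for illustration.

```javascript
// Added example: flag users whose roles give superuser access, directly or
// indirectly. Input documents have the shape stored in admin.system.users.
const ALWAYS_SUPER = new Set(["root", "__system", "userAdminAnyDatabase"]);
// dbOwner and userAdmin reach superuser level when granted on the admin database.
const SUPER_ON_ADMIN = new Set(["dbOwner", "userAdmin"]);

function superuserGrants(userDoc) {
  const hits = [];
  for (const entry of userDoc.roles || []) {
    // createUser also accepts a bare role name, meaning the user's own database.
    const role = typeof entry === "string" ? entry : entry.role;
    const db = typeof entry === "string" ? userDoc.db : entry.db;
    if (ALWAYS_SUPER.has(role) || (SUPER_ON_ADMIN.has(role) && db === "admin")) {
      hits.push(role + "@" + db);
    }
  }
  return hits;
}

function auditUsers(userDocs) {
  return userDocs
    .map((u) => ({ user: u.user + "@" + u.db, grants: superuserGrants(u) }))
    .filter((r) => r.grants.length > 0);
}

// Constructed sample documents (not taken from a real deployment).
const SAMPLE_USERS = [
  { user: "admin", db: "admin", roles: [{ role: "userAdminAnyDatabase", db: "admin" }] },
  { user: "app", db: "shop", roles: [{ role: "readWrite", db: "shop" }] },
  { user: "owner", db: "shop", roles: [{ role: "dbOwner", db: "shop" }] },
  { user: "ops", db: "admin", roles: [{ role: "dbOwner", db: "admin" }, { role: "backup", db: "admin" }] },
];

for (const r of auditUsers(SAMPLE_USERS)) {
  console.log(r.user + " -> " + r.grants.join(", "));
}
```
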

    Sample configuration file

    Official reference –> link

    #Options that can be set in the configuration file
    #Mongod config file 
    #MongoDB configuration files use the YAML format.
    #The following example configuration file contains several mongod settings.
    #
    ########Example Start########
    #systemLog:
    #   destination: file
    #   path: "/var/log/mongodb/mongodb.log"
    #   logAppend: true
    #storage:
    #   journal:
    #      enabled: true
    #processManagement:
    #   fork: true
    #net:
    #   bindIp: 127.0.0.1
    #   port: 27017
    #setParameter:
    #   enableLocalhostAuthBypass: false
    #
    ########Example End########
    #
    ########Core Options
    systemLog:
    #   verbosity: 0    #Default: 0; 1 to 5 increases the verbosity level to include Debug messages.
    #   quiet: <boolean>
    #   traceAllException: <boolean>
    #   syslogFacility: user
       path: "/usr/local/mongodb/log/mongod.log"
       logAppend: true
    #   logRotate: <string>    #rename or reopen
       destination: file
    #   timeStampFormat: iso8601-local
    #   component:
    #      accessControl:
    #         verbosity: 0
    #      command:
    #         verbosity: 0
    #      # COMMENT additional component verbosity settings omitted for brevity
    #      storage:
    #         verbosity: 0
    #         journal:
    #            verbosity: <int>
    #      write:
    #         verbosity: 0
    #
    #
    ########ProcessManagement Options
    processManagement:
       fork: true
       pidFilePath: "/usr/local/mongodb/log/mongod.pid"
    #
    #
    #########Net Options
    net:
       port: 27017
    #   bindIp: <string>    #Default All interfaces.
    #   maxIncomingConnections: 65536
    #   wireObjectCheck: true
    #   ipv6: false
    #   unixDomainSocket:
    #      enabled: true
    #      pathPrefix: "/tmp"
    #      filePermissions: 0700
    #   http:
    #      enabled: false
    #      JSONPEnabled: false
    #      RESTInterfaceEnabled: false
    #   ssl:
    #      sslOnNormalPorts: <boolean>  # deprecated since 2.6
    #      mode: <string>
    #      PEMKeyFile: <string>
    #      PEMKeyPassword: <string>
    #      clusterFile: <string>
    #      clusterPassword: <string>
    #      CAFile: <string>
    #      CRLFile: <string>
    #      allowConnectionsWithoutCertificates: <boolean>
    #      allowInvalidCertificates: <boolean>
    #      allowInvalidHostnames: false
    #      FIPSMode: <boolean>
    #
    #
    ########security Options
    #security:
    #   keyFile: <string>
    #   clusterAuthMode: keyFile
    #   authorization: disabled
    #   javascriptEnabled:  true
    ########security.sasl Options
    #   sasl:
    #      hostName: <string>
    #      serviceName: <string>
    #      saslauthdSocketPath: <string>
    #
    #
    #########setParameter Option
    setParameter:
       enableLocalhostAuthBypass: false
    #   <parameter1>: <value1>
    #   <parameter2>: <value2>
    #
    #
    #########storage Options
    storage:
       dbPath: "/data/db"
    #   indexBuildRetry: true
    #   repairPath: "/data/db/_tmp"
    #   journal:
    #      enabled: true
    #   directoryPerDB: false
    #   syncPeriodSecs: 60
       engine: "mmapv1"  #Valid options include mmapv1 and wiredTiger.
    #########storage.mmapv1 Options
    #   mmapv1:
    #      preallocDataFiles: true
    #      nsSize: 16
    #      quota:
    #         enforced: false
    #         maxFilesPerDB: 8
    #      smallFiles: false
    #      journal:
    #         debugFlags: <int>
    #         commitIntervalMs: 100   # 100 or 30
    #########storage.wiredTiger Options
    #   wiredTiger:
    #      engineConfig:
    #         cacheSizeGB: <number>  #Default: the maximum of half of physical RAM or 1 gigabyte
    #         statisticsLogDelaySecs: 0
    #         journalCompressor: "snappy"
    #         directoryForIndexes: false
    #      collectionConfig:
    #         blockCompressor: "snappy"
    #      indexConfig:
    #         prefixCompression: true
    #
    #
    ##########operationProfiling Options
    #operationProfiling:
    #   slowOpThresholdMs: 100
    #   mode: "off"
    #
    #
    ##########replication Options
    #replication:
    #   oplogSizeMB: <int>
    #   replSetName: <string>
    #   secondaryIndexPrefetch: all
    #
    #
    ##########sharding Options
    #sharding:
    #   clusterRole: <string>    #configsvr or shardsvr
    #   archiveMovedChunks: True
    #
    #
    #########auditLog Options
    #auditLog:
    #   destination: <string>   #syslog/console/file
    #   format: <string>   #JSON/BSON
    #   path: <string>
    #   filter: <string>
    #
    #
    #########snmp Options
    #snmp:
    #   subagent: <boolean>
    #   master: <boolean>
    #
    #
    ########mongos-only Options
    #replication:
    #   localPingThresholdMs: 15
    #
    #sharding:
    #   autoSplit: true
    #   configDB: <string>
    #   chunkSize: 64
    #
    #
    ########Windows Service Options
    #processManagement:
    #   windowsService:
    #      serviceName: <string>
    #      displayName: <string>
    #      description: <string>
    #      serviceUser: <string>
    #      servicePassword: <string>
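
An added example (not part of the original post or of MongoDB's own tooling) that checks a mongod configuration for the settings this page relies on: security.authorization, net.bindIp and enableLocalhostAuthBypass. The function names, finding texts and both sample configurations are constructed; the first sample mirrors the uncommented lines of the file above, where the security block is still commented out.

```javascript
// Added example: audit the access-control settings of a mongod YAML config.
// The parser handles only the plain "key: value" nesting that mongod.conf uses.
function parseConf(text) {
  const settings = {};
  const stack = []; // enclosing sections as {indent, key}
  for (const raw of text.split("\n")) {
    const line = raw.replace(/\s+#.*$/, ""); // drop a trailing comment
    if (!line.trim() || line.trim().startsWith("#")) continue; // commented out = unset
    const m = /^(\s*)([\w.]+):\s*(.*)$/.exec(line);
    if (!m) continue;
    const indent = m[1].length;
    while (stack.length && stack[stack.length - 1].indent >= indent) stack.pop();
    stack.push({ indent, key: m[2] });
    const value = m[3].trim().replace(/^"(.*)"$/, "$1");
    if (value) settings[stack.map((s) => s.key).join(".")] = value;
  }
  return settings;
}

function auditConf(text) {
  const s = parseConf(text);
  const findings = [];
  if (s["security.authorization"] !== "enabled")
    findings.push("security.authorization is not enabled: no access control");
  if (!s["net.bindIp"])
    findings.push("net.bindIp is unset: mongod 3.2 listens on all interfaces");
  if (s["setParameter.enableLocalhostAuthBypass"] !== "false")
    findings.push("enableLocalhostAuthBypass is not false: localhost exception stays on");
  return findings;
}

// Constructed sample mirroring the active lines of the configuration file above.
const SAMPLE_CONF = `net:
   port: 27017
#   bindIp: <string>    #Default All interfaces.
#security:
#   authorization: disabled
setParameter:
   enableLocalhostAuthBypass: false`;
// Constructed hardened variant: loopback only, authorization on.
const HARDENED_CONF = `net:
   port: 27017
   bindIp: 127.0.0.1
security:
   authorization: enabled
setParameter:
   enableLocalhostAuthBypass: false`;

console.log(auditConf(SAMPLE_CONF), auditConf(HARDENED_CONF));
```
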

    https://www.cnblogs.com/mymelody/p/5906199.html
  • Original article: https://www.cnblogs.com/seasonzone/p/14755446.html