1. 创建用户
db.createUser( { user: "user2", pwd: "user2", roles: [ { role: "dbOwner", db: "db1" }, { role: "clusterManager", db: "admin" } ] } )
2. 修改用户
db.updateUser( "user3", { customDate:{"any information"}, roles: [ { role: "dbOwner", db: "db1" }, { role: "clusterManager", db: "admin" } ], pwd:"password" }, writeconcem:{<write concem>} )
Mongodb角色表:
|
角色分类 |
角色 |
权限及角色 (本文大小写可能有些变化,使用时请参考官方文档) |
|
Database User Roles |
read |
CollStats,dbHash,dbStats,find,killCursors,listIndexes,listCollections |
|
readWrite |
CollStats,ConvertToCapped,CreateCollection,DbHash,DbStats, DropCollection,CreateIndex,DropIndex,Emptycapped,Find, Insert,KillCursors,ListIndexes,ListCollections,Remove, RenameCollectionSameDB,update |
|
|
Database Administration Roles |
dbAdmin |
collStats,dbHash,dbStats,find,killCursors,listIndexes,listCollections, dropCollection 和 createCollection 在 system.profile |
|
dbOwner |
角色:readWrite, dbAdmin,userAdmin |
|
|
userAdmin |
ChangeCustomData,ChangePassword,CreateRole,CreateUser, DropRole,DropUser,GrantRole,RevokeRole,ViewRole,viewUser |
|
|
Cluster Administration Roles |
clusterAdmin |
角色:clusterManager, clusterMonitor, hostManager |
|
clusterManager |
AddShard,ApplicationMessage,CleanupOrphaned,FlushRouterConfig, ListShards,RemoveShard,ReplSetConfigure,ReplSetGetStatus, ReplSetStateChange,Resync, EnableSharding,MoveChunk,SplitChunk,splitVector |
|
|
clusterMonitor |
connPoolStats,cursorInfo,getCmdLineOpts,getLog,getParameter, getShardMap,hostInfo,inprog,listDatabases,listShards,netstat, replSetGetStatus,serverStatus,shardingState,top collStats,dbStats,getShardVersion |
|
|
hostManager |
applicationMessage,closeAllDatabases,connPoolSync,cpuProfiler, diagLogging,flushRouterConfig,fsync,invalidateUserCache,killop, logRotate,resync,setParameter,shutdown,touch,unlock |
|
|
Backup and Restoration Roles |
backup |
提供在admin数据库mms.backup文档中insert,update权限 列出所有数据库:listDatabases 列出所有集合索引:listIndexes 对以下提供查询操作:find *非系统集合 *系统集合:system.indexes, system.namespaces, system.js *集合:admin.system.users 和 admin.system.roles |
|
restore |
非系统集合、system.js,admin.system.users 和 admin.system.roles 及2.6 版本的system.users提供以下权限: collMod,createCollection,createIndex,dropCollection,insert 列出所有数据库:listDatabases system.users :find,remove,update |
|
|
All-Database Roles |
readAnyDatabase |
提供所有数据库中只读权限:read 列出集群所有数据库:listDatabases |
|
readWriteAnyDatabase |
提供所有数据库读写权限:readWrite 列出集群所有数据库:listDatabases |
|
|
userAdminAnyDatabase |
提供所有用户数据管理权限:userAdmin Cluster:authSchemaUpgrade,invalidateUserCache,listDatabases admin.system.users和admin.system.roles: collStats,dbHash,dbStats,find,killCursors,planCacheRead createIndex,dropIndex |
|
|
dbAdminAnyDatabase |
提供所有数据库管理员权限:dbAdmin 列出集群所有数据库:listDatabases |
|
|
Superuser Roles |
root |
角色:dbOwner,userAdmin,userAdminAnyDatabase readWriteAnyDatabase, dbAdminAnyDatabase, userAdminAnyDatabase,clusterAdmin |
|
Internal Role |
__system |
集群中对任何数据库采取任何操作 |