Note: the MongoDB version used for these steps is 3.6.0-rc4. Versions before 3.0 manage users differently (a different shell API and the older MONGODB-CR credential format), so the commands below do not apply to them.
1. Viewing and deleting users
db.system.users.find() //list users
db.system.users.remove({}) //delete users (every document, i.e. every account)
Users live in admin.system.users, so remove({}) must be run from the admin database and wipes every account at once, the administrator included. The supported equivalents are db.dropUser("name") for one account and db.dropAllUsers() for all accounts of the current database; they also keep the server's user cache consistent, which a raw write to system.users does not. The transcript below uses the raw remove():
> use admin
switched to db admin
> db.system.users.find()
{ "_id" : "admin.admin", "user" : "admin", "db" : "admin", "credentials" : { "SCRAM-SHA-1" : { "iterationCount" : 10000, "salt" : "fonwJMHEMIwgoGRrxR9eKw==", "storedKey" : "XP+OQgK6t/SofureXPxt3gFgwVQ=", "serverKey" : "jvjv/3JAlJarmVKnS3EID744le0=" } }, "roles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" } ] }
> db.system.users.remove({})
WriteResult({ "nRemoved" : 1 })
> db.system.users.find()
>
2. Adding users
Note: an account belongs to the database it was created in (its authentication database), so a user created in a given database must also authenticate (auth) against that same database. This is independent of which databases the user's roles grant access to.
//the roles array names the database each role applies to
> db.createUser({user:"admin",pwd:"admin",roles:[{"role":"userAdminAnyDatabase","db":"admin"}]})
Successfully added user: {
"user" : "admin",
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
}
]
}
>
db.createUser({user:"admin",pwd:"admin",roles:[{"role":"userAdminAnyDatabase","db":"testdb"}]}) //rejected: the *AnyDatabase roles exist only in the admin database, so db must be "admin" (and the admin user already exists here)
Test the new user's authentication
> db.auth("admin","admin")
1
>
Adding an account for a non-admin database (the first db.auth() below fails because the password is mistyped as 'amin')
> use admin
switched to db admin
> db.auth('admin','amin')
Error: Authentication failed.
0
> db.auth("admin","admin")
1
> db.createUser({user:"user",pwd:"password",roles:[{"role":"readWrite","db":"dbdata"}]})
Successfully added user: {
"user" : "user",
"roles" : [
{
"role" : "readWrite",
"db" : "dbdata"
}
]
}
>
> use admin
switched to db admin
> db.auth('admin','admin')
1
Switching to the target database and creating the user there makes that database the user's authentication database: dbuser must log in with use dbdata followed by db.auth(). The user account created above can read and write dbdata just as well, but it must authenticate against admin because it was created there.
> use dbdata;
switched to db dbdata
> db.createUser( { user: "dbuser", pwd: "dbpassword", roles: [ { role: "readWrite", db: "dbdata" } ] } )
Successfully added user: {
"user" : "dbuser",
"roles" : [
{
"role" : "readWrite",
"db" : "dbdata"
}
]
}
>
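The whole procedure from this section as one script for the MongoDB 3.6 mongo shell. This is an added example, not the post's own commands: provisionUsers() takes an admin database handle (for example db.getSiblingDB("admin")) and creates the same two accounts, and connectionUri() shows the authSource a client must pass for each, which is the point the two accounts illustrate. The passwords are the post's placeholders.

```javascript
// Added example for the mongo shell (not part of the original post).
// Usage inside the shell:  provisionUsers(db.getSiblingDB("admin"), "admin")
function provisionUsers(adminDb, adminPwd) {
  // All calls go through the admin handle or a sibling handle derived from it,
  // so the script does not depend on which database the shell is "in".
  if (adminDb.auth("admin", adminPwd) !== 1) {
    throw new Error("admin authentication failed");
  }
  var dataDb = adminDb.getSiblingDB("dbdata");

  // Account 1: created in admin, role scoped to dbdata.
  // Authenticates against admin:  mongo -u user -p password --authenticationDatabase admin
  adminDb.createUser({
    user: "user",
    pwd: "password",
    roles: [{ role: "readWrite", db: "dbdata" }]
  });

  // Account 2: created in dbdata, so dbdata is its authentication database.
  // Authenticates against dbdata:  mongo -u dbuser -p dbpassword --authenticationDatabase dbdata
  dataDb.createUser({
    user: "dbuser",
    pwd: "dbpassword",
    roles: [{ role: "readWrite", db: "dbdata" }]
  });

  // Map each account to its authentication database so callers build the
  // right connection string; both accounts' roles apply to dbdata either way.
  return { user: "admin", dbuser: "dbdata" };
}

// authSource is the authentication database (where createUser ran), not the
// database named in the role; the path component is the database to work in.
function connectionUri(host, user, pwd, authDb, targetDb) {
  return "mongodb://" + encodeURIComponent(user) + ":" + encodeURIComponent(pwd) +
    "@" + host + "/" + targetDb + "?authSource=" + authDb;
}
```

Connecting as user with authSource=dbdata fails with the same "Authentication failed." seen above, even though the role is on dbdata; connecting as dbuser needs authSource=dbdata.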
user: the user name
pwd: the password
roles: the user's roles; an empty array creates the user with no roles. The roles field accepts both built-in roles and user-defined roles. The built-in roles are:
Built-In Roles:
1. Database user roles: read, readWrite
2. Database administration roles: dbAdmin, dbOwner, userAdmin
3. Cluster administration roles: clusterAdmin, clusterManager, clusterMonitor, hostManager
4. Backup and restore roles: backup, restore
5. All-database roles: readAnyDatabase, readWriteAnyDatabase, userAdminAnyDatabase, dbAdminAnyDatabase
6. Superuser role: root
// Several roles besides root grant superuser access directly or indirectly: userAdminAnyDatabase, and dbOwner or userAdmin when granted on the admin database, because the holder can create users or grant any role, including root.
7. Internal role: __system
read: lets the user read the specified database
readWrite: lets the user read and write the specified database
dbAdmin: lets the user run administrative functions on the specified database, such as creating and dropping indexes, viewing statistics, or accessing system.profile
userAdmin: lets the user write to system.users, i.e. create, delete and manage users on the specified database (on admin this is effectively superuser)
clusterAdmin: admin database only; grants administration of all sharding and replica set functions
backup, restore: admin database only; the privileges mongodump and mongorestore need
readAnyDatabase: admin database only; grants read access to all databases
readWriteAnyDatabase: admin database only; grants read and write access to all databases
userAdminAnyDatabase: admin database only; grants userAdmin on all databases
dbAdminAnyDatabase: admin database only; grants dbAdmin on all databases
root: admin database only; the superuser account with every privilege
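A check worth running on a roles array before handing it to createUser, based on the role list above. This is an added example, not the post's or MongoDB's code: auditRoles() flags roles that exist only in admin but were scoped elsewhere (the mistake in the rejected createUser above), roles that are superuser in effect (root, __system, userAdminAnyDatabase, and userAdmin or dbOwner on admin), and userAdmin or dbOwner on an ordinary database, whose holder can grant itself any role there.

```javascript
// Added example (not from the original post). Role names are MongoDB's
// built-in roles; the severity rules follow the note on superuser-equivalent
// roles above.
var ANY_DB_ROLES = ["readAnyDatabase", "readWriteAnyDatabase",
                    "userAdminAnyDatabase", "dbAdminAnyDatabase"];
var CLUSTER_ROLES = ["clusterAdmin", "clusterManager", "clusterMonitor", "hostManager"];
var BACKUP_ROLES = ["backup", "restore"];
var DB_ROLES = ["read", "readWrite", "dbAdmin", "dbOwner", "userAdmin"];
// Roles that can only be granted with db: "admin"
var ADMIN_ONLY_ROLES = ANY_DB_ROLES.concat(CLUSTER_ROLES, BACKUP_ROLES, ["root", "__system"]);
// Superuser regardless of where granted (they are admin-only anyway)
var SUPERUSER_ROLES = ["root", "__system", "userAdminAnyDatabase"];
// Can grant themselves any role on their database; on admin that includes root
var SELF_GRANTING_ROLES = ["userAdmin", "dbOwner"];
var BUILTIN_ROLES = ADMIN_ONLY_ROLES.concat(DB_ROLES);

// roles: the array passed to createUser, entries either {role, db} or a bare
// string (which MongoDB reads as a role on the current database).
function auditRoles(roles) {
  var findings = [];
  roles.forEach(function (r) {
    var role = typeof r === "string" ? r : r.role;
    var dbName = typeof r === "string" ? null : r.db;   // null = current db
    function add(severity, msg) {
      findings.push({ severity: severity, role: role, db: dbName, msg: msg });
    }
    if (ADMIN_ONLY_ROLES.indexOf(role) !== -1 && dbName !== "admin") {
      add("error", "role exists only in the admin database; createUser will be rejected");
    }
    if (SUPERUSER_ROLES.indexOf(role) !== -1 ||
        (SELF_GRANTING_ROLES.indexOf(role) !== -1 && dbName === "admin")) {
      add("critical", "effectively superuser: can create users or grant any role, including root");
    } else if (SELF_GRANTING_ROLES.indexOf(role) !== -1) {
      add("warn", "can grant itself any role on " + dbName + "; treat as owner of that database");
    }
    if (BUILTIN_ROLES.indexOf(role) === -1) {
      add("info", "not a built-in role; must be a user-defined role on " + (dbName || "the current db"));
    }
  });
  return findings;
}
```

The rejected createUser above, {role:"userAdminAnyDatabase", db:"testdb"}, produces both an error (wrong database for the role) and a critical finding (superuser-equivalent), while {role:"readWrite", db:"dbdata"} produces nothing.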
3. Querying user information
Switch to admin, then query the user documents. Note the db field of each document: user was created in admin and dbuser in dbdata, which is where each must authenticate. The credentials field holds SCRAM-SHA-1 verifiers (salt, iteration count, storedKey, serverKey), not the password itself.
> db.system.users.find().pretty()
{
"_id" : "admin.admin",
"user" : "admin",
"db" : "admin",
"credentials" : {
"SCRAM-SHA-1" : {
"iterationCount" : 10000,
"salt" : "/MCaeZ0WWXZuTeRgVENMuA==",
"storedKey" : "KKh/lByPFZUnvzYpbPDyDlZBI1g=",
"serverKey" : "/RsmPbbSEHFBtYMPTYwLjECEkWM="
}
},
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
}
]
}
{
"_id" : "admin.user",
"user" : "user",
"db" : "admin",
"credentials" : {
"SCRAM-SHA-1" : {
"iterationCount" : 10000,
"salt" : "HpYkZ3i8uGHKWC7xF6rqfA==",
"storedKey" : "ZmQsNncHAnjNgd+CUtPE6fGQc0k=",
"serverKey" : "ELj8hAmZHKaPUqVTiZq5qAf6dSE="
}
},
"roles" : [
{
"role" : "readWrite",
"db" : "dbdata"
}
]
}
{
"_id" : "dbdata.dbuser",
"user" : "dbuser",
"db" : "dbdata",
"credentials" : {
"SCRAM-SHA-1" : {
"iterationCount" : 10000,
"salt" : "Ffud1P+H6yfubk/KoDnflQ==",
"storedKey" : "J6xtsa3Tibti/wfNCIs8jAQxgC8=",
"serverKey" : "xImCi++3/c1MhUUUCO6/4cyrrrA="
}
},
"roles" : [
{
"role" : "readWrite",
"db" : "dbdata"
}
]
}
>