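Start mongod with the --auth parameter to enable access control (authentication).
db.addUser("username","password")
The third parameter creates a read-only user (read only; the default is read-write).
With this method, a user created in an ordinary database is a user of the current database; a user created in the admin database is a root user.
db.auth("username","password")
Authenticates the user.
(1) Create users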
use admin
db.addUser("admin","admin")
use test
db.addUser("test","test")
(2) The administrator user can view all databases
use admin
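db.auth("admin","admin") (the root user created above)
Returns 1 if authentication succeeds and 0 if it fails.
(3) An ordinary database user can only view the current database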
use test
db.auth("test","test")
db.createUser(user,writeConcern)
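user: document, containing the authentication and access (privilege) information
writeConcern: document, optional; it takes the same fields as getLastError
The following is from the official documentation: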
{
  user: "",
  pwd: "",
  customData: { <any information> },
  roles: [ { role: "", db: "" } | "", ... ]
}
use products
db.createUser(
  {
    "user" : "accountAdmin01",
    "pwd": "cleartext password",
    "customData" : { employeeId: 12345 },
    "roles" : [
      { role: "clusterAdmin", db: "admin" },
      { role: "readAnyDatabase", db: "admin" },
      "readWrite"
    ]
  },
  { w: "majority" , wtimeout: 5000 }
)
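The accountAdmin01 user created above has the following roles:
admin database: the clusterAdmin and readAnyDatabase roles
products database: the readWrite role
For the privileges each database role grants, see Database User Roles in the official documentation.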
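The role resolution described above (a bare role name applies to the database where createUser runs), combined with a check for accounts whose password equals the user name, as an added example that is not from the original page or the MongoDB documentation. The function names and the BROAD_ROLES list are assumptions made for this illustration; the role names in that list are MongoDB built-in roles.

```javascript
// Added example (not MongoDB's code): lint a createUser document before running it.
// BROAD_ROLES is a hand-picked subset of built-in roles that reach beyond one database.
const BROAD_ROLES = new Set([
  "root", "clusterAdmin", "readAnyDatabase", "readWriteAnyDatabase",
  "userAdminAnyDatabase", "dbAdminAnyDatabase",
]);

// A bare string role applies to the database where createUser runs;
// a { role, db } document names its database explicitly.
function resolveRoles(currentDb, userDoc) {
  return (userDoc.roles || []).map((r) =>
    typeof r === "string" ? { role: r, db: currentDb } : { role: r.role, db: r.db });
}

// Group the effective grants by database, e.g. { admin: [...], products: [...] }.
function grantsByDb(currentDb, userDoc) {
  const out = {};
  for (const { role, db } of resolveRoles(currentDb, userDoc)) {
    (out[db] = out[db] || []).push(role);
  }
  return out;
}

// Return human-readable findings; an empty array means nothing was flagged.
function lintUser(currentDb, userDoc) {
  const findings = [];
  const pwd = String(userDoc.pwd || "");
  if (pwd === "") findings.push("empty password");
  else if (pwd.toLowerCase() === String(userDoc.user).toLowerCase())
    findings.push("password equals user name");
  for (const { role, db } of resolveRoles(currentDb, userDoc)) {
    if (BROAD_ROLES.has(role)) findings.push(`broad role ${role} on ${db}`);
  }
  return findings;
}

// The document from the page, created while "use products" is in effect.
const accountAdmin01 = {
  user: "accountAdmin01", pwd: "cleartext password",
  customData: { employeeId: 12345 },
  roles: [{ role: "clusterAdmin", db: "admin" },
          { role: "readAnyDatabase", db: "admin" }, "readWrite"],
};
console.log(grantsByDb("products", accountAdmin01));
console.log(lintUser("products", accountAdmin01));
// Constructed sample mirroring the page's admin/admin account.
console.log(lintUser("admin", { user: "admin", pwd: "admin", roles: ["root"] }));
```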