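MongoDB User Permission Management
MongoDB user management:
Superuser management:
Authentication database: the database you `use` when creating a user. When logging in as that user, you must specify this authentication database, otherwise the login fails.
Role categories: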
- root
- dbAdmin
- readWrite
- read
Create a superuser:
# Before creating the user, use the admin authentication database, otherwise you cannot log in
use admin
db.createUser({user: "root", pwd: "redhat", roles: [ { role: "root", db: "admin" } ]})
or
use admin
db.createUser(
{
user: "root",
pwd: "redhat",
roles: [ { role: "root", db: "admin" } ]
})
View the superuser's information:
# Switch to the admin database first; the system stores the superuser's information in the admin database
use admin
db.system.users.find()
or
db.system.users.find().pretty()
Verify the user:
# A return value of 1 means the credentials work
db.auth('root','redhat')
1
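Authentication was not enabled in the configuration before. Now that the root superuser has been created, the user authentication mechanism can be enabled:
security:
  authorization: enabled
Restart MongoDB
Connect to MongoDB: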
mongo -uroot -predhat 10.0.0.20/admin
Database administrator users:
Create a database administrator user:
# Recommended: before creating the user, first use the database the user is meant for (this user can only operate on the olda database)
use olda
db.createUser(
{
user: "admin",
pwd: "admin",
roles: [ { role: "dbAdmin", db: "olda" } ]
})
Verify the database administrator user:
# A return value of 1 means the credentials work
use olda
db.auth('admin','admin')
1
Connect to MongoDB:
mongo -uadmin -padmin 10.0.0.20/olda
Ordinary user management:
Create an ordinary user with read/write access to the olda database:
# An ordinary user must also be created in an authentication database
use olda
db.createUser({user: "user", pwd:"user", roles: [ { role: "readWrite", db: "olda" } ]})
or
db.createUser(
{
user: "user",
pwd: "user",
roles: [ { role: "readWrite", db: "olda" } ]
} )
Connect to MongoDB:
mongo -uuser -puser 10.0.0.20/olda
Create a user that manages multiple databases:
# The duouser user can read and write the olda database, but can only read the test database
use olda
db.createUser(
{
user: 'duouser',
pwd: 'duouser',
roles: [ { role: 'readWrite', db: 'olda' },
{ role: 'read', db: 'test' } ] } )
Connect to MongoDB:
mongo -uduouser -pduouser 10.0.0.20/olda
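View where the users created above are stored:
# Connect to the superuser's authentication database (duouser has no privileges on the admin database, so log in as root)
mongo -uroot -predhat 10.0.0.20/admin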
use admin
show tables
#system.users
#system.version
# View detailed user information
db.system.users.find().pretty()
{
"_id" : "admin.root",
"user" : "root",
"db" : "admin",
"credentials" : {
"SCRAM-SHA-1" : {
"iterationCount" : 10000,
"salt" : "la6A+HdxpV7wEWYHOqifQw==",
"storedKey" : "VODHq6Ja7w/wm9f47S5qfxlm3iY=",
"serverKey" : "1We3XPPBBkbwVC/u7Kzdz2re7bg="
}
},
"roles" : [
{
"role" : "root",
"db" : "admin"
}
]
}
{
"_id" : "olda.admin",
"user" : "admin",
"db" : "olda",
"credentials" : {
"SCRAM-SHA-1" : {
"iterationCount" : 10000,
"salt" : "2DnZhHSiphADzExHZMbaDw==",
"storedKey" : "t+fZ8sJ2Kmh/sqAWgIfRlsGB2Tw=",
"serverKey" : "jIbTgFtN1WLkVhOCIyh4RHKTH1s="
}
},
"roles" : [
{
"role" : "dbAdmin",
"db" : "olda"
}
]
}
{
"_id" : "olda.user",
"user" : "user",
"db" : "olda",
"credentials" : {
"SCRAM-SHA-1" : {
"iterationCount" : 10000,
"salt" : "hTRTkAmSRU9nS0R2wNzgqw==",
"storedKey" : "F2ggE96aJMYtuxHHtNVQROSb72o=",
"serverKey" : "zvS/Qkes5EIQcJdsiOWoSckyX4Y="
}
},
"roles" : [
{
"role" : "readWrite",
"db" : "olda"
}
]
}
{
"_id" : "olda.duouser",
"user" : "duouser",
"db" : "olda",
"credentials" : {
"SCRAM-SHA-1" : {
"iterationCount" : 10000,
"salt" : "0hqcsQ98BpSmbYBURVIvng==",
"storedKey" : "j0bMWiI4DM45038IenJa1z1HYgM=",
"serverKey" : "t2C8XcBbHigxUFImMDc/JTOLasQ="
}
},
"roles" : [
{
"role" : "readWrite",
"db" : "olda"
},
{
"role" : "read",
"db" : "test"
}
]
}
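An added example, not part of the original notes: a plain JavaScript function that reviews documents shaped like the `db.system.users` output above and reports superuser grants, roles that reach beyond the user's authentication database, and accounts that store only a SCRAM-SHA-1 credential. The function name, the issue labels and the sample documents are assumptions made for this example.

```javascript
// Added example: the review rules are this example's own, not MongoDB behaviour.
const SUPERUSER_ROLES = new Set(["root"]);

// userDocs: array of documents shaped like db.system.users.find() output.
function auditUsers(userDocs) {
  const findings = [];
  for (const u of userDocs) {
    const id = u.db + "." + u.user;
    const roles = u.roles || [];
    const mechanisms = Object.keys(u.credentials || {});
    // Only a SCRAM-SHA-1 credential is stored (SCRAM-SHA-256 exists since MongoDB 4.0).
    if (mechanisms.length > 0 && mechanisms.indexOf("SCRAM-SHA-256") === -1) {
      findings.push({ user: id, issue: "sha1-only" });
    }
    if (roles.length === 0) {
      findings.push({ user: id, issue: "no-roles" });
    }
    for (const r of roles) {
      if (SUPERUSER_ROLES.has(r.role)) {
        findings.push({ user: id, issue: "superuser", detail: r.role + "@" + r.db });
      }
      // Role reaches a database other than the user's authentication database.
      if (r.db !== u.db) {
        findings.push({ user: id, issue: "cross-db-role", detail: r.role + "@" + r.db });
      }
    }
  }
  return findings;
}

// Constructed sample: same users and roles as in the notes, credential values omitted.
const sampleUsers = [
  { user: "root", db: "admin", credentials: { "SCRAM-SHA-1": {} },
    roles: [{ role: "root", db: "admin" }] },
  { user: "user", db: "olda", credentials: { "SCRAM-SHA-1": {} },
    roles: [{ role: "readWrite", db: "olda" }] },
  { user: "duouser", db: "olda", credentials: { "SCRAM-SHA-1": {} },
    roles: [{ role: "readWrite", db: "olda" }, { role: "read", db: "test" }] },
];

for (const f of auditUsers(sampleUsers)) {
  console.log(f.user, f.issue, f.detail || "");
}
```

In the mongo shell, connected as a user allowed to read the admin database, the same function can be fed with `db.getSiblingDB("admin").system.users.find().toArray()`.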
Delete a user:
# Only the root superuser can delete users (you must switch to the authentication database of the user being deleted)
mongo -uroot -predhat 10.0.0.20/admin
use olda
# Delete the duouser user
db.dropUser("duouser")