mongodb创建普通用户并授权readWrite角色，并允许访问某一数据库

MongoDB 数据库默认角色

1. 数据库用户角色：read、readWrite
2. 数据库管理角色：dbAdmin、dbOwner、userAdmin
3. 集群管理角色：clusterAdmin、clusterManager、clusterMonitor、hostManager
4. 备份恢复角色：backup、restore
5. 所有数据库角色： readAnyDatabase、readWriteAnyDatabase、userAdminAnyDatabase、
   dbAdminAnyDatabase
6. 超级用户角色：root

1.创建普通用户并赋予角色readWrite，授权读写qyqdb

> use qyqdb       // 跳转到需要添加用户的数据库
switched to db qyqdb

--创建用户qyquser，并授权readWrite角色，授权访问qyqdb数据库
> db.createUser({user:"qyquser",pwd:"<密码>",roles:[{role:"readWrite",db:"qyqdb"}]})
Successfully added user: {
        "user" : "qyquser",
        "roles" : [
                {
                        "role" : "readWrite",
                        "db" : "qyqdb"
                }
        ]
}

--查看创建的用户信息
> db.getUsers();
[
        {
                "_id" : "qyqdb.qyquser",
                "userId" : UUID("8f1ae6e6-882e-4a5e-8a03-2972b8786395"),
                "user" : "qyquser",
                "db" : "qyqdb",
                "roles" : [
                        {
                                "role" : "readWrite",
                                "db" : "qyqdb"
                        }
                ],
                "mechanisms" : [
                        "SCRAM-SHA-1",
                        "SCRAM-SHA-256"
                ]
        }
]
> 

2.使用本地连接

--使用新创建的用户qyquser连接数据库qyqdb
root@28631e42c8a4:/# mongo qyqdb -uqyquser -p          
MongoDB shell version v5.0.5
Enter password: 
connecting to: mongodb://127.0.0.1:27017/qyqdb?compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("8cc29c73-818a-4786-9ee8-cbf2c3cf9d42") }
MongoDB server version: 5.0.5
================
Warning: the "mongo" shell has been superseded by "mongosh",
which delivers improved usability and compatibility.The "mongo" shell has been deprecated and will be removed in
an upcoming release.
For installation instructions, see
https://docs.mongodb.com/mongodb-shell/install/
================
> show dbs
qyqdb  0.000GB
> show collections
user
> db.user.find()
{ "_id" : ObjectId("61b1bb1f5b33d3cc45039662"), "name" : "小一", "age" : 18 }
{ "_id" : ObjectId("61b1bb1f5b33d3cc45039663"), "name" : "小二", "age" : 19 }
{ "_id" : ObjectId("61b1bb1f5b33d3cc45039664"), "name" : "张三", "age" : 20 }
{ "_id" : ObjectId("61b1bb1f5b33d3cc45039665"), "name" : "赵四", "age" : 21 }
{ "_id" : ObjectId("61b1bb1f5b33d3cc45039666"), "name" : "王老五", "age" : 22 }
{ "_id" : ObjectId("61b1bb1f5b33d3cc45039667"), "name" : "李老六", "age" : 23 }
{ "_id" : ObjectId("61b1bb1f5b33d3cc45039668"), "name" : "阮小七", "age" : 24 }
{ "_id" : ObjectId("61b1bb205b33d3cc45039669"), "name" : "郑八哥", "age" : 25 }
> 

3.使用navicat连接mongodb

使用新建的用户qyquser去连接新建的数据库qyqdb

 4.连接成功之后，查看数据库和集合

 

5.创建超级管理员用户admin

use admin  //使用admin数据库

db.createUser({
  user: 'admin',  // 用户名
  pwd: '<密码>',  // 密码
  roles:[{
    role: 'root',  // 角色
    db: 'admin'  // 数据库
  }]
})

 6.修改用户密码

show users  // 查看当前库下的用户

--修改用户密码
> db.updateUser('admin', {pwd: '654321'})

--验证密码

> db.auth("admin","123456");    //使用错误的密码登录，报认证失败
Error: Authentication failed.
0


> db.auth("admin","654321");    //使用正确的密码登录，认证成功
1
> 

--测试连接
root@28631e42c8a4:/# mongo admin -uadmin -p654321                
MongoDB shell version v5.0.5
connecting to: mongodb://127.0.0.1:27017/admin?compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("a51d7299-0997-4336-8465-4060aaccff76") }
MongoDB server version: 5.0.5
================
Warning: the "mongo" shell has been superseded by "mongosh",
which delivers improved usability and compatibility.The "mongo" shell has been deprecated and will be removed in
an upcoming release.
For installation instructions, see
https://docs.mongodb.com/mongodb-shell/install/
================
---
The server generated these startup warnings when booting: 
        2021-12-09T08:05:11.674+00:00: /sys/kernel/mm/transparent_hugepage/enabled is 'always'. We suggest setting it to 'never'
        2021-12-09T08:05:11.674+00:00: /sys/kernel/mm/transparent_hugepage/defrag is 'always'. We suggest setting it to 'never'
---
---
        Enable MongoDB's free cloud-based monitoring service, which will then receive and display
        metrics about your deployment (disk utilization, CPU, operation statistics, etc).

        The monitoring data will be available on a MongoDB website with a unique URL accessible to you
        and anyone you share the URL with. MongoDB may use this information to make product
        improvements and to suggest MongoDB products and deployment options to you.

        To enable free monitoring, run the following command: db.enableFreeMonitoring()
        To permanently disable this reminder, run the following command: db.disableFreeMonitoring()
---
> show dbs;
admin   0.000GB
config  0.000GB
local   0.000GB
qyqdb   0.000GB
> 

7.删除用户

db.dropUser('admin')  // 删除用户

--删除刚才创建的用户admin
> db.dropUser('admin')
true
> 

--测试admin用户连接，认证失败
> db.auth("admin","654321");
Error: Authentication failed.
0
>