Original sources:
http://www.tuicool.com/articles/fMZbUzu
http://www.jb51.net/article/53830.htm
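readAnyDatabase: read access to the collections in all databases; also includes the listDatabases privilege
readWriteAnyDatabase: read and write access to the collections in all databases; also includes the listDatabases privilege
userAdminAnyDatabase: the userAdmin role on all databases; also includes the listDatabases privilege
dbAdminAnyDatabase: the dbAdmin role on all databases; also includes the listDatabases privilege
Cluster-related roles: clusterMonitor, hostManager, clusterManager, clusterAdmin
root: includes the readWriteAnyDatabase, dbAdminAnyDatabase, userAdminAnyDatabase, clusterAdmin and other roles. However, it cannot access collections whose names begin with system. (root does not include any access to collections that begin with the system. prefix.)
__system: the super role
Related official documentation: http://docs.mongodb.org/manual/reference/built-in-roles/#__system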
// Create user "sa" holding the __system role on the admin database
db.createUser(
  {
    user: "sa",
    pwd: "sa",
    roles: [ { role: "__system", db: "admin" } ]
  }
)
// Grant an additional role to the existing user "sa"
db.grantRolesToUser(
  "sa",
  [
    { role: "dbAdminAnyDatabase", db: "admin" }
  ]
)
mongo.exe --host 127.0.0.1 -u sa -p sa --authenticationDatabase admin
// Create user "lock2" with read/write access limited to the myblog database
db.createUser(
  {
    user: "lock2",
    pwd: "123456",
    roles: [
      { role: "readWrite", db: "myblog" }
    ]
  }
)
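// readWriteAnyDatabase is defined only in the admin database,
// so the role's db must be "admin" (db: "myblog" is rejected as an unknown role)
db.grantRolesToUser(
  "lock2",
  [
    { role: "readWriteAnyDatabase", db: "admin" }
  ]
)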
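The role list above can be turned into a least-privilege check that is run over createUser or grantRolesToUser arguments before they are applied. This is an added example, not code from the original article: auditUserSpec, the finding labels, the 12-character password threshold and the sample specs are assumptions constructed here.

```javascript
// Roles the article lists as spanning all databases or the cluster.
// MongoDB defines these only in the admin database.
const ADMIN_ONLY_ROLES = new Set([
  "readAnyDatabase", "readWriteAnyDatabase", "userAdminAnyDatabase",
  "dbAdminAnyDatabase", "clusterMonitor", "hostManager",
  "clusterManager", "clusterAdmin", "root",
]);
// Roles that amount to unrestricted control of the deployment.
const SUPERUSER_ROLES = new Set(["root", "__system"]);
const MIN_PWD_LEN = 12; // assumed policy value for this example

// Hypothetical helper: review one createUser-style spec { user, pwd, roles }.
// Returns a list of findings; an empty list means nothing was flagged.
function auditUserSpec(spec) {
  const findings = [];
  for (const r of spec.roles || []) {
    // A bare string role refers to the current database, so no scope check.
    const role = typeof r === "string" ? r : r.role;
    const db = typeof r === "string" ? null : r.db;
    if (ADMIN_ONLY_ROLES.has(role) && db !== null && db !== "admin") {
      findings.push(`invalid-scope: ${role} exists only in admin, not ${db}`);
    }
    if (SUPERUSER_ROLES.has(role)) {
      findings.push(`superuser: ${role} grants unrestricted access`);
    } else if (role.endsWith("AnyDatabase")) {
      findings.push(`broad: ${role} spans all databases`);
    }
  }
  if (typeof spec.pwd === "string" &&
      (spec.pwd === spec.user || spec.pwd.length < MIN_PWD_LEN)) {
    findings.push("weak-password");
  }
  return findings;
}

// Constructed samples modelled on the users in this article.
const SAMPLE_SPECS = [
  { user: "sa", pwd: "sa", roles: [
    { role: "__system", db: "admin" }, { role: "dbAdminAnyDatabase", db: "admin" }] },
  { user: "lock2", pwd: "123456", roles: [
    { role: "readWrite", db: "myblog" }, { role: "readWriteAnyDatabase", db: "admin" }] },
  { user: "report", pwd: "constructed-long-passphrase-01", roles: [
    { role: "readAnyDatabase", db: "myblog" }] },
];

for (const spec of SAMPLE_SPECS) {
  console.log(spec.user, auditUserSpec(spec));
}
```

A user that holds only readWrite on a single database and has a long password produces no findings, which is the shape an application account should have.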