Is there any best practice in MongoDB as to where I should put my database users?
I've just set up a local MongoDB server and I've added users in the admin database and granted them access to "their" (by their I mean the only database the users have access to) database.
Do you think it would be better to just put the users in "their" database and not in the admin database?
解决方案
Regardless of the user's authentication database, Mongo always stores user information in admin.
MongoDB stores all user information, including name, password, and the user's authentication database, in the system.users collection in the admin database.
When you create a user and grant that user access to a single database (aka their authentication database) then that information can only be stored in the admin database.
So, it's not really a question of "best practice"; storing user details in admin is MongoDB's choice, as implemented by their user management commands.
Update in response to this comment:
Ok, so the users are always located in the admin db, but I may also add "duplicates" to the other dbs? Maybe the question should be whether there any advantage in adding users to the other "non admin" dbs?
If you intend to have a single user with access to multiple databases then create a single user with roles in each of those databases rather than creating that user multiple times i.e. once in each of those databases. For example:
use admin;
db.createUser({user:'userName', pwd:'passwordValue', roles:[
{role:'readWrite', db:'DatabaseA'},
{role:'readWrite', db:'DatabaseB'}
]});
扫一扫
1561
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
