今天给研发,创建测试库,分配相关权限 ,发现一些小问题如果下:
1、
use testdb
mongos> db.createUser(
... {
... user: "testdb",
... pwd: "testdb",
... roles: [ { role: "readWrite", db: "testdb" } ]
... }
... )
可以看到在普通数据库创建用户,给予普通的角色,是可以正常创建,但是,当给普通的数据库创建具有管理权限的用户,给予管理角色,就会报错,提示没有此角色,如下:
use testdb
mongos> db.createUser(
... {
... user: "test",
... pwd: "test",
... roles: [ { role: "root", db: "testdb" } ]
... }
... )
2017-05-18T12:03:11.312+0800 E QUERY [thread1] Error: couldn't add user: No role named root@testdb :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
DB.prototype.createUser@src/mongo/shell/db.js:1267:15
@(shell):1:1
授权也是会一样的报错:
mongos> db.grantRolesToUser( "testdb", { role: "root", db: "admin" }, { writeConcern: { w: "majority" , wtimeout: 2000 } } )
2017-05-18T11:49:05.659+0800 E QUERY [thread1] Error: "roles" had the wrong type. Expected Array, found Object :_getErrorWithCode@src/mongo/shell/utils.js:25:13
DB.prototype.grantRolesToUser@src/mongo/shell/db.js:1473:19
@(shell):1:1
但是使用use admin 可以正常创建用户
mongos> db.createUser(
... {
... user: "admin",
... pwd: "admin",
... roles: [ { role: "root", db: "admin" } ]
... }
... )
后来就发现,管理权限的只能针对admin数据
mongos> use testdb;
mongos> db.grantRolesToUser( "testdb", { role: "root", db: "admin" }, { writeConcern: { w: "majority" , wtimeout: 2000 } } )
mongos> use admin
switched to db admin
mongos> show tables
system.users
system.version
mongos> db.system.users.find().pretty()
{
"_id" : "testdb.testdb",
"user" : "testdb",
"db" : "testdb",
"credentials" : {
"SCRAM-SHA-1" : {
"iterationCount" : 10000,
"salt" : "oaPAbXPzfFXEPV6ebyvNHg==",
"storedKey" : "0UyanXIbt2rREDWNMQzQqFuUGgw=",
"serverKey" : "bV0KR/gIjNa9kWXHT6z6lho8cFM="
}
},
"roles" : [
{
"role" : "root",
"db" : "admin"
},
{
"role" : "read",
"db" : "testdb"
},
{
"role" : "readWrite",
"db" : "testdb"
}
]
}