创建用户
use admin
db.createUser(
{
user: "admin",
pwd: "admin",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
}
)
2、
use test
db.createUser(
{
user: "test",
pwd: "test",
roles: [ { role: "readWrite", db: "test" }]
}
)
3.查看权限
Use admin
db.createUser(
{
user: "local",
pwd: "local",
roles: [ { role: "read", db: "local" }]
}
)
创建角色
收回权限
db.revokeRolesFromUser(
"reportsUser",
[
{ role: "readWrite", db: "accounts" }
]
)
授权
db.grantRolesToUser(
"reportsUser",
[
{ role: "read", db: "accounts" }
]
)
创建ADMIN用户
创建admin用户
admin = db.getSiblingDB("admin")
admin.createUser(
{
user: "admin",
pwd: "admin",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
}
)
db.grantRolesToUser('admin', [{role:'clusterAdmin',db:'admin'}])
关闭数据库
use admin
db.shutdownServer()
登录到primary
db.getSiblingDB("admin").auth("admin", "admin" )
创建用户
db.getSiblingDB("admin").createUser(
{
"user" : "clusterAdmin",
"pwd" : "clusterAdmin",
roles: [ { "role" : "clusterAdmin", "db" : "admin" } ]
}
)
修改密码
db.changeUserPassword('password','newPassword');
授权数据库
db.getSiblingDB("dbname").auth("db", "password" )
查看用户及角色
查看当前数据库用户
db.system.users.find();
Db.getUsers();
Db.getUser(‘admin’);
查看用户的权限
db.getUser("reportsUser")
查看角色授予的用户
db.getRole( "readWrite", { showPrivileges: true } )
删除用户
db.dropUser(‘admin’)
重建ADMIN用户
不小心把admin用户删除了,重新admin用户无法创建,报错为:
Error: couldn't add user: not authorized on admin to execute command 。。。.
如何重新报建admin用户呢?
思路:
A: 在mongodb.conf中注释掉security认证部分
B: 重启MONGO
C:创建用户 admin
D:修改配置文件打开security认证部分且重新启动
主从DB上注释安全认证部分
1) vi /etc/mongod.conf
注释下面的内容
#security:
# clusterAuthMode: keyFile
# keyFile: /data/mongodb/key/repl_set.key
# authorization: enabled
重新启动Mongo
systemctl restart mongod.service
Master上创建用户
use admin
db.system.users.find()
db.dropUser("admin")
db.system.users.remove({user:"admin"})
db.createUser({user:"userName",pwd:"password",roles:["readWrite"]})
db.grantRolesToUser("admin",[{ role: "clusterAdmin", db: "admin" }]);
db.grantRolesToUser("admin",[{ role: "userAdminAnyDatabase", db: "admin" }]);
db.grantRolesToUser("admin",[{ role: "root", db: "admin" }]);
在主和从 mongo DB servers上打开注释
vi /etc/mongod.conf
//打开下面的内容
security:
clusterAuthMode: keyFile
keyFile: /data/mongodb/key/repl_set.key
authorization: enabled
重新启动
systemctl restart mongod
启动后可以按如下进行数据库授权访问了
> use admin
> db.auth("userName","password")
如果允许slave 读操作,则在slave上执行 rs.slaveOk(); 就OK