MongoDB中几种常用用户角色:
dbDao 百度贴吧:http://tieba.baidu.com/dbdao
MongoDB技术学习QQ群: 421431253
dbAdmin 在db范围内包括下面的权限:
- collStats
- dbHash
- dbStats
- find
- killCursors
- listIndexes
- listCollections
- dropCollection 和 createCollection on system.profile only
userAdmin在db范围内包括如下权限:
- changeCustomData
- changePassword
- createRole
- createUser
- dropRole
- dropUser
- grantRole
- revokeRole
- viewRole
- viewUser
readAnyDatabase 对所有数据库中的collection可读,同时包含listDatabases权限
readWriteAnyDatabase 对所有数据库中的collection可读且可写,同时包含listDatabases权限
userAdminAnyDatabase 对所有数据库拥有userAdmin角色,同时包含listDatabases权限
dbAdminAnyDatabase 对所有数据库拥有dbAdmin角色,同时包含listDatabases权限
cluster相关的权限 clusterMonitor、hostManager、clusterManager、clusterAdmin
root权限, 包含 readWriteAnyDatabase, dbAdminAnyDatabase, userAdminAnyDatabase 和 clusterAdmin 等角色。 但不能访问system. 开头的collection(root does not include any access to collections that begin with the system. prefix.)
__system 超级角色
相关官方文档:http://docs.mongodb.org/manual/reference/built-in-roles/#__system
__system包含下面这些权限:
> use admin
switched to db admin
> db.createUser(
... {
... user: "maclean_dbdao2",
... pwd: "maclean_dbdao2",
... roles: [ { role: "__system", db: "admin" } ]
... }
... )
Successfully added user: {
"user" : "maclean_dbdao2",
"roles" : [
{
"role" : "__system",
"db" : "admin"
}
]
}
>
>
>
bye
10:~ maclean$ mongo localhost:35002/admin -u maclean_dbdao2 -p
MongoDB shell version: 3.0.2
Enter password:
connecting to: localhost:35002/admin
> show roles
{
"role" : "__system",
"db" : "admin",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
}
{
"role" : "backup",
"db" : "admin",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
}
{
"role" : "clusterAdmin",
"db" : "admin",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
}
{
"role" : "clusterManager",
"db" : "admin",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
}
{
"role" : "clusterMonitor",
"db" : "admin",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
}
{
"role" : "dbAdmin",
"db" : "admin",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
}
{
"role" : "dbAdminAnyDatabase",
"db" : "admin",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
}
{
"role" : "dbOwner",
"db" : "admin",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
}
{
"role" : "hostManager",
"db" : "admin",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
}
{
"role" : "read",
"db" : "admin",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
}
{
"role" : "readAnyDatabase",
"db" : "admin",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
}
{
"role" : "readWrite",
"db" : "admin",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
}
{
"role" : "readWriteAnyDatabase",
"db" : "admin",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
}
{
"role" : "restore",
"db" : "admin",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
}
{
"role" : "root",
"db" : "admin",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
}
{
"role" : "userAdmin",
"db" : "admin",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
}
{
"role" : "userAdminAnyDatabase",
"db" : "admin",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
}
mongodb 3.0中db.getUsers() 获得db中的用户信息
> db.getUsers();
[
{
"_id" : "admin.maclean",
"user" : "maclean",
"db" : "admin",
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
}
]
},
{
"_id" : "admin.maclean1",
"user" : "maclean1",
"db" : "admin",
"roles" : [
{
"role" : "__system",
"db" : "admin"
}
]
},
{
"_id" : "admin.maclean_dbdao2",
"user" : "maclean_dbdao2",
"db" : "admin",
"roles" : [
{
"role" : "__system",
"db" : "admin"
}
]
}
]
启用mongodb授权认证的方法:
1、以–auth 启动mongod
2、在配置文件mongod.conf 中加入 auth = true
第一次启用–auth时会出现:
2015-05-13T11:20:22.296+0800 I ACCESS [conn1] note: no users configured in admin.system.users, allowing localhost access
2015-05-13T11:20:22.297+0800 I ACCESS [conn1] Unauthorized not authorized on admin to execute command { getLog: “startupWarnings” }
2015-05-13T12:07:08.680+0800 I INDEX [conn1] build index on: admin.system.users properties: { v: 1, unique: true, key: { user: 1, db: 1 }, name: “user_1_db_1″, ns: “admin.system.users” }
即之前未定义过用户,所以mongod将允许本地直接访问
mongo 登陆后 创建一个合适的超级用户
use admin
db.createUser(
{
user: "maclean",
pwd: "maclean",
roles: [ { role: "__system", db: "admin" } ]
}
)
http://docs.mongodb.org/manual/reference/method/db.createUser/
给一个用户授权 :
use admin
db.grantRolesToUser(
"macleanz",
[
{ role: "readAnyDatabase", db:"admin" }
]
)
http://docs.mongodb.org/manual/tutorial/assign-role-to-user/
启用replica set 时需要做的授权:
use admin
db.createUser( {
user: "siteUserAdmin",
pwd: "",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
});
db.createUser( {
user: "siteRootAdmin",
pwd: "",
roles: [ { role: "root", db: "admin" } ]
});
http://docs.mongodb.org/manual/tutorial/deploy-replica-set-with-auth/
相关文章 | Related posts:
- MongoDB Aggregation聚集测试 dbDao 百度贴吧:http://tieba.baidu.com/dbdao MongoDB技术学习QQ群: […]...
- MongoDB 配置Sharding Cluster 基于Ubuntu 本教程基于Ubuntu 14.04.2 LTS \n \l和mongoDB 3.0, 配置了3个 Config […]...
- 12c Pluggable Database Container Database权限与角色管理 oracle@localhost:~$ oerr ora 65050 65050, […]...
- MongoDB BSONObj size is invalid错误一例 dbDao 百度贴吧:http://tieba.baidu.com/dbdao MongoDB技术学习QQ群: […]...
- MongoDB db.collection.remove()方法 mongodb中删除document采用remove方法, http://docs.mongodb.org/m […]...
- MongoDB $unset重置某个field 对于已经有值的field,在mongodb中可以使用$unset操作符来重置该field。 http://do […]...
- MongoDB获取命令行启动参数getCmdLineOpts MongoDB获取命令行启动参数的方法; 有时候希望知道启动mongd的启动参数,可以使用如下命令获得: db […]...
- MongoDB _id Key的一些信息 关于 mongodb _id key: _id key可以用户分配,也可以由mongodb自动分配,一般采用自 […]...
- MongoDB中的unique constraint/index Mongodb中可以使用ensureIndex/createIndex+unique:true来创建uniqu […]...
- MongoDB db.collection. ensureIndex 和 db.collection.createIndex 注意从mongoDB 3.0开始ensureIndex被废弃,今后都仅仅是db.collection.crea […]...
原文地址:http://www.tuicool.com/articles/fMZbUzu