MongoDB User Management


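User Roles

Database User Roles

  • read: grants the user read-only access to data; the user can read the specified database
  • readWrite: grants the user read/write access to data; the user can read and write the specified database

Database Administration Roles

  • dbAdmin: performs administrative operations in the current database, such as creating, dropping, collecting statistics on, and viewing indexes
  • dbOwner: performs any operation in the current database (insert, delete, update, query, and so on)
  • userAdmin: manages users in the current database, including creating, deleting, and modifying users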

Backup and Restoration Roles

  • backup
  • restore

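All-Database Roles

  • readAnyDatabase: grants read access to data in all databases; available only in the admin database
  • readWriteAnyDatabase: grants read/write access to data in all databases; available only in the admin database
  • userAdminAnyDatabase: grants the privilege to manage users in all databases; available only in the admin database
  • dbAdminAnyDatabase: grants the privilege to administer all databases; available only in the admin database

Cluster Administration Roles

  • clusterAdmin: grants the highest level of cluster management privileges; available only in the admin database
  • clusterManager: grants privileges to manage and monitor the cluster
  • clusterMonitor: grants privileges to monitor the cluster; gives monitoring tools read-only access
  • hostManager: manages servers

Superuser Roles

  • root: the superuser account and privileges; available only in the admin database

Reference: official link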

Creating Users

Make sure security authentication is enabled in the configuration file

cat /mongodb/conf/mongodb.conf
....
security:
  authorization: enabled
....

Syntax for creating a user

db.createUser(
{
    user: "<name>",
    pwd: "<cleartext password>",
    roles: [
       { role: "<role>",
     db: "<database>" } | "<role>",
    ...
    ]
}
)

Creating regular users

// Create a user with privileges on a single database
use test
db.createUser(
{
    user: "usertest",
    pwd: "user123",
    roles: [ { role: "read", db: "test" } ]
}
)

// Create a user with read/write privileges across multiple databases
use app
db.createUser(
{
    user: "app03",
    pwd: "app03",
    roles: [
        { role: "readWrite", db: "app" },
        { role: "read", db: "test" }
    ]
}
)

Creating an administrative user

// You must run "use admin" before creating this user
use admin

db.createUser(
{
    user: "root",
    pwd: "root123",
    roles: [ { role: "root", db: "admin" } ]
}
)

Modifying users

1. Change a user's password

// Method 1
db.changeUserPassword("user123","changepwd")
// Method 2
db.updateUser("user123",{pwd:"changepwd"})

Deleting users

db.dropUser('user123')

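Granting user privileges

Updating a user

// db.updateUser() takes the username first, then the update document.
// Supplying "roles" replaces the user's existing roles array.
db.updateUser(
    "user123",
    {
        roles: [ { role: "read", db: "test" } ]
    }
)

// View user information
show users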

Adding privileges

// db.grantRolesToUser() takes the username first, then the array of roles to add
db.grantRolesToUser(
    "user123",
    [ { role: "read", db: "test" }, { role: "readWrite", db: "test" } ]
)

Revoking privileges

// db.revokeRolesFromUser() takes the username first, then the array of roles to remove
db.revokeRolesFromUser(
    "user123",
    [ { role: "read", db: "test" } ]
)

Viewing user information

> db.system.users.find().pretty()
{
	"_id" : "admin.root",
	"user" : "root",
	"db" : "admin",
	"credentials" : {
		"SCRAM-SHA-1" : {
			"iterationCount" : 10000,
			"salt" : "cK+x0qUELb5M2IyL5ledLA==",
			"storedKey" : "SyD1q88+XgN63/h4qYLmxH3yDqw=",
			"serverKey" : "NWXPh02yLrNi3HnsQEnnkeRwkdY="
		}
	},
	"roles" : [
		{
			"role" : "root",
			"db" : "admin"
		}
	]
}
{
	"_id" : "app.admin",
	"user" : "admin",
	"db" : "app",
	"credentials" : {
		"SCRAM-SHA-1" : {
			"iterationCount" : 10000,
			"salt" : "MTwkFFEvqmbq7POuP3OnWg==",
			"storedKey" : "CX7LE289+aqPNWlEing/WDZX31Q=",
			"serverKey" : "rFeWZN6RSoduneD9UKT0+43nOBE="
		}
	},
	"roles" : [
		{
			"role" : "dbAdmin",
			"db" : "app"
		}
	]
}
{
	"_id" : "app.app01",
	"user" : "app01",
	"db" : "app",
	"credentials" : {
		"SCRAM-SHA-1" : {
			"iterationCount" : 10000,
			"salt" : "Hz+td7/Y/dL+UE0a0aIXcw==",
			"storedKey" : "q4SHv2QQansJo/DKjdcS94zilh8=",
			"serverKey" : "54WkVA3nSAFMiM/sM9nsr7ureDU="
		}
	},
	"roles" : [
		{
			"role" : "readWrite",
			"db" : "app"
		}
	]
}
{
	"_id" : "app.app03",
	"user" : "app03",
	"db" : "app",
	"credentials" : {
		"SCRAM-SHA-1" : {
			"iterationCount" : 10000,
			"salt" : "vmpngvlJ2O+mEvGSre8vyA==",
			"storedKey" : "Mti7WZugvVT7arMUF5QS/asQiO0=",
			"serverKey" : "h7UKso1UvCCwPmfu3yZ0ejytL7w="
		}
	},
	"roles" : [
		{
			"role" : "readWrite",
			"db" : "app"
		},
		{
			"role" : "read",
			"db" : "test"
		}
	]
}
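
The user documents above can be reviewed for least privilege with a short script. This is an added example, not code from the original post: the function names, the list of roles treated as broad, and the three checks are assumptions of this example, and the sample input is constructed from the users shown above with credential values replaced by placeholders.

```javascript
// Added example: audit user documents shaped like db.system.users output.
// The role list below is this example's policy, not a MongoDB setting.
const BROAD_ROLES = new Set([
  "root", "dbOwner", "userAdmin", "userAdminAnyDatabase",
  "readWriteAnyDatabase", "dbAdminAnyDatabase", "clusterAdmin",
]);

function auditUser(doc) {
  const findings = [];
  const roles = doc.roles || [];
  if (roles.length === 0) findings.push("no roles assigned");
  for (const { role, db } of roles) {
    if (BROAD_ROLES.has(role)) findings.push(`broad role ${role}@${db}`);
    // Role granted on a database other than the user's authentication database
    if (db !== doc.db) findings.push(`cross-database role ${role}@${db}`);
  }
  // Users created before SCRAM-SHA-256 support carry only SCRAM-SHA-1 credentials
  const mechanisms = Object.keys(doc.credentials || {});
  if (mechanisms.length > 0 && !mechanisms.includes("SCRAM-SHA-256")) {
    findings.push("no SCRAM-SHA-256 credential");
  }
  return findings;
}

// Returns { "<db>.<user>": [findings...] } for users with at least one finding
function auditUsers(docs) {
  const report = {};
  for (const doc of docs) {
    const findings = auditUser(doc);
    if (findings.length > 0) report[doc._id] = findings;
  }
  return report;
}

// Constructed sample input (app01 is altered to carry a SCRAM-SHA-256 credential)
const sha1 = { "SCRAM-SHA-1": { iterationCount: 10000, salt: "<salt>" } };
const sampleUsers = [
  { _id: "admin.root", user: "root", db: "admin", credentials: sha1,
    roles: [{ role: "root", db: "admin" }] },
  { _id: "app.app01", user: "app01", db: "app",
    credentials: { "SCRAM-SHA-256": { iterationCount: 15000, salt: "<salt>" } },
    roles: [{ role: "readWrite", db: "app" }] },
  { _id: "app.app03", user: "app03", db: "app", credentials: sha1,
    roles: [{ role: "readWrite", db: "app" }, { role: "read", db: "test" }] },
];

console.log(JSON.stringify(auditUsers(sampleUsers), null, 2));
```

Against a live server, the same functions can be fed `db.getSiblingDB("admin").system.users.find().toArray()` from the shell.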
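Copyright notice: original article from this site, published by xadocker on 2020-08-05, 2772 characters in total.
Reposting: unless otherwise stated, articles on this site are published under the CC-4.0 license; please credit the source when reposting.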