MongoDB Roles and Permissions, with User Creation and Authorization Explained
1. Roles and permissions
1. Role categories
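Role category: roles in the category
Database user roles: read, readWrite
Database administration roles: dbAdmin, dbOwner, userAdmin
Cluster administration roles: clusterAdmin, clusterManager, clusterMonitor, hostManager
Backup and restore roles: backup, restore
All-database roles: readAnyDatabase, readWriteAnyDatabase, userAdminAnyDatabase, dbAdminAnyDatabase
Superuser role: root
Internal role: __system
2. Permission descriptions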
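Role: description
read: allows the user to read the specified database
readWrite: allows the user to read and write the specified database
dbAdmin: allows the user to run administrative functions in the specified database, such as creating and dropping indexes, viewing statistics, or accessing system.profile
userAdmin: allows the user to write to the system.users collection; can create, delete and manage users in the specified database
clusterAdmin: must be defined in the admin database; grants administrative privileges over all sharding and replica set functions
readAnyDatabase: must be defined in the admin database; grants read access to all databases
readWriteAnyDatabase: must be defined in the admin database; grants read and write access to all databases
userAdminAnyDatabase: must be defined in the admin database; grants the userAdmin privilege on all databases
dbAdminAnyDatabase: must be defined in the admin database; grants the dbAdmin privilege on all databases
root: must be defined in the admin database; superuser account with superuser privileges
2. Creating and deleting users in MongoDB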
1. Creating a user
use admin
db.createUser({
    "user": "<username>",
    "pwd": "<password>",
    "roles": [
        // multiple roles can be configured
        {role: "<role>", db: "<database>"}
    ],
    // user information, optional
    customData: {
        name: "jinshengyuan",
        email: "xxx@xx.com"
    }
})
// Create a user with unrestricted access
db.createUser({
    user: "wei",
    pwd: "wei",
    roles: ["root"]
})
2. Viewing user information
use admin
show users
db.system.users.find()
db.system.users.find().pretty()
db.runCommand({usersInfo: "<username>"})
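3. Changing a user's password
use admin
db.changeUserPassword("<username>", "<new password>")
// Change the user's password and user information
db.runCommand({updateUser: "<username>", pwd: "<new password>", customData: {age: 22}})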
3. Creating users and granting roles with db.runCommand
You can also create or modify users and grant the related permissions through db.runCommand.
1. Creating a user
use admin
// Creates user yuan with every role listed below on the admin database,
// including root and the internal __system role.
db.runCommand({
    "createUser" : "yuan",
    "pwd" : "yuan",
    "customData" : {
    },
    "roles" : [
        { "role" : "__queryableBackup", "db" : "admin" },
        { "role" : "__system", "db" : "admin" },
        { "role" : "backup", "db" : "admin" },
        { "role" : "clusterAdmin", "db" : "admin" },
        { "role" : "clusterManager", "db" : "admin" },
        { "role" : "clusterMonitor", "db" : "admin" },
        { "role" : "dbAdmin", "db" : "admin" },
        { "role" : "dbAdminAnyDatabase", "db" : "admin" },
        { "role" : "dbOwner", "db" : "admin" },
        { "role" : "enableSharding", "db" : "admin" },
        { "role" : "hostManager", "db" : "admin" },
        { "role" : "read", "db" : "admin" },
        { "role" : "readAnyDatabase", "db" : "admin" },
        { "role" : "readWrite", "db" : "admin" },
        { "role" : "readWriteAnyDatabase", "db" : "admin" },
        { "role" : "restore", "db" : "admin" },
        { "role" : "root", "db" : "admin" },
        { "role" : "userAdmin", "db" : "admin" },
        { "role" : "userAdminAnyDatabase", "db" : "admin" }
    ]
});
2. Changing a user's permissions
use admin
// updateUser replaces the user's whole roles array with the list given here;
// compared with the createUser call, it adds readWrite on the yuan database.
db.runCommand({
    "updateUser" : "yuan",
    "customData" : {
    },
    "roles" : [
        { "role" : "readWrite", "db" : "yuan" },
        { "role" : "__queryableBackup", "db" : "admin" },
        { "role" : "__system", "db" : "admin" },
        { "role" : "backup", "db" : "admin" },
        { "role" : "clusterAdmin", "db" : "admin" },
        { "role" : "clusterManager", "db" : "admin" },
        { "role" : "clusterMonitor", "db" : "admin" },
        { "role" : "dbAdmin", "db" : "admin" },
        { "role" : "dbAdminAnyDatabase", "db" : "admin" },
        { "role" : "dbOwner", "db" : "admin" },
        { "role" : "enableSharding", "db" : "admin" },
        { "role" : "hostManager", "db" : "admin" },
        { "role" : "read", "db" : "admin" },
        { "role" : "readAnyDatabase", "db" : "admin" },
        { "role" : "readWrite", "db" : "admin" },
        { "role" : "readWriteAnyDatabase", "db" : "admin" },
        { "role" : "restore", "db" : "admin" },
        { "role" : "root", "db" : "admin" },
        { "role" : "userAdmin", "db" : "admin" },
        { "role" : "userAdminAnyDatabase", "db" : "admin" }
    ]
});
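The createUser and updateUser commands above can be reviewed for over-broad grants before they are run. The following is an added example, not code from the original page: the function names, the HIGH_RISK and ADMIN_ONLY groupings and the sample commands are assumptions of this example, with the role notes drawn from the permission table in section 1.

```javascript
// Added example (not from the original page). Audits createUser/updateUser
// command documents; role notes follow the permission table in section 1.
const HIGH_RISK = new Map([
  ["__system", "internal role, should not be granted to a user account"],
  ["root", "superuser account"],
  ["clusterAdmin", "manages all sharding and replica set functions"],
  ["readAnyDatabase", "read on all databases"],
  ["readWriteAnyDatabase", "read/write on all databases"],
  ["userAdminAnyDatabase", "userAdmin on all databases"],
  ["dbAdminAnyDatabase", "dbAdmin on all databases"],
  ["userAdmin", "can create, delete and manage users"],
]);
// Roles the table says must be defined in the admin database.
const ADMIN_ONLY = new Set(["root", "clusterAdmin", "readAnyDatabase",
  "readWriteAnyDatabase", "userAdminAnyDatabase", "dbAdminAnyDatabase"]);

// roles may be bare strings (db = current database) or {role, db} documents.
function normalizeRoles(roles, currentDb) {
  return roles.map((r) => (typeof r === "string" ? { role: r, db: currentDb } : r));
}

function auditUserCommand(cmd, currentDb = "admin") {
  const user = cmd.user ?? cmd.createUser ?? cmd.updateUser;
  const findings = [];
  if (typeof cmd.pwd === "string" && cmd.pwd === user) {
    findings.push("password is identical to the username");
  }
  for (const { role, db } of normalizeRoles(cmd.roles ?? [], currentDb)) {
    if (HIGH_RISK.has(role)) findings.push(`${role}@${db}: ${HIGH_RISK.get(role)}`);
    if (ADMIN_ONLY.has(role) && db !== "admin") {
      findings.push(`${role}@${db}: must be defined in the admin database`);
    }
  }
  return { user, findings };
}

// Constructed sample commands, modelled on the ones shown on this page.
const SAMPLES = [
  { user: "wei", pwd: "wei", roles: ["root"] },
  { createUser: "yuan", pwd: "yuan", roles: [
    { role: "__system", db: "admin" }, { role: "root", db: "admin" },
    { role: "readWrite", db: "yuan" }] },
  { createUser: "report", pwd: "constructed-long-passphrase",
    roles: [{ role: "readAnyDatabase", db: "yuan" }] },
  { createUser: "app", pwd: "constructed-long-passphrase",
    roles: [{ role: "readWrite", db: "yuan" }] },
];
for (const cmd of SAMPLES) console.log(auditUserCommand(cmd));
```

Only the last sample, a single readWrite grant on one database with a password that differs from the username, produces no findings.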