mongodb创建local库用户_mongodb用户创建与授权
## 1.用戶授權
## (1) 在非--auth模式下啟動
/mongodb/bin/mongod --dbpath=/data/mongodb
--logpath=/mongodb/logs/mongodb.log --logappend --journal --fork
--port=27017
> use admin
switched to db admin
> db.dropDatabase();
{ "dropped" : "admin", "ok" : 1 }
> use admin
switched to db admin
## 創建一個用戶,有root權限
> db.createUser({user:"admin",pwd:"admin", roles:
[{role:"root", db:"admin"}]});
Successfully added user: {
"user" : "admin",
"roles" : [
{
"role" :
"root",
"db" :
"admin"
}
]
}
## (2) 可以看到相關集合以及關于新建用戶的內容
> show collections;
system.indexes
system.users
system.version
> db.system.users.find();
{ "_id" : "admin.admin", "user" : "admin", "db" : "admin",
"credentials" : { "SCRAM-SHA-1" : { "iterationCount" : 10000,
"salt" : "2XdOg1YlUa5wwLj3Fx8WhA==", "storedKey"
:
"ENNWUOiKxfasE1Dz16qcXky44F4=", "serverKey" :
"deQB8LeyV4wkT4bfDf8gmbXiO9I=" } }, "roles" : [ { "role" : "root",
"db" : "admin" } ] }
> db.system.indexes.find();
{ "v" : 1, "key" : { "_id" : 1 }, "name" : "_id_", "ns" :
"admin.system.version" }
{ "v" : 1, "key" : { "_id" : 1 }, "name" : "_id_", "ns" :
"admin.system.users" }
{ "v" : 1, "unique" : true, "key" : { "user" : 1, "db" : 1 },
"name" : "user_1_db_1", "ns" : "admin.system.users" }
> db.system.version.find();
{ "_id" : "authSchema", "currentVersion" : 5 }
>
## (3)現在啟用--auth
/mongodb/bin/mongod --dbpath=/data/mongodb
--logpath=/mongodb/logs/mongodb.log --logappend --journal --fork
--port=27017 --auth
## 直接mongo進去,發現啥也做不了
[root@centos511 ~]# mongo
MongoDB shell version: 3.0.7
connecting to: test
> show dbs;
2016-01-13T16:01:12.396+0800 E QUERY ?Error: listDatabases failed:{
"ok" : 0,
"errmsg" : "not authorized on admin to execute
command { listDatabases: 1.0 }",
"code" : 13
}
at Error ()
at Mongo.getDBs
(src/mongo/shell/mongo.js:47:15)
at shellHelper.show
(src/mongo/shell/utils.js:630:33)
at shellHelper
(src/mongo/shell/utils.js:524:36)
at (shellhelp2):1:1 at
src/mongo/shell/mongo.js:47
>
## (4)剛才在數據庫admin創建了一個賬戶叫admin密碼admin,
## ?先切換到admin庫進行連接(其他db則登錄失敗):
[root@centos511 ~]# mongo
MongoDB shell version: 3.0.7
connecting to: test
> db.auth("admin","admin");
Error: 18 Authentication failed.
0
> use my_mongodb;
switched to db my_mongodb
> db.auth("admin","admin");
Error: 18 Authentication failed.
0
> use admin;
switched to db admin
> db.auth("admin","admin")
1
## db.auth("admin","admin")返回值為1,說明登錄成功!
##
db.auth("admin","admin")的記錄是不存在的,執行完后這一行在shell中不會記錄歷史。
## (5) 到admin庫直接用db.auth登錄
> use admin;
switched to db admin
> db.auth("admin","admin");
1
## 如果寫錯了庫名admin,
可以寫正確庫名admin后db.auth登錄,
## 進去后可以直接刪除,可以直接刪除
> use amin;
switched to db amin
> db.dropDatabase();
{ "ok" : 1 }
## 切換到admin庫,登錄admin用戶
> use admin;
switched to db admin
> db.auth("admin","admin");
1
> show dbs;
admin ?0.078GB
local ?0.078GB
my_mongodb ?0.078GB
test ?0.078GB
## (6) 所以現在創建另一個用戶rwuser(切換在admin數據庫創建), 有readWrite權限
>
db.createUser({user:"rwuser",pwd:"rwuser",roles:[{role:"readWrite",db:"my_mongodb"}]});
Successfully added user: {
"user" : "rwuser",
"roles" : [
{
"role" :
"readWrite",
"db" :
"my_mongodb"
}
]
}
> use my_mongodb
switched to db my_mongodb
> show tables;
system.indexes
user
## 發現無法登錄
> db.auth("rwuser","rwuser");
Error: 18 Authentication failed.
0
## 只能在admin登錄
> use admin
switched to db admin
> db.auth("rwuser","rwuser");
1
## 這時再切換到my_mongodb測試庫,可以使用
> use my_mongodb
switched to db my_mongodb
> show tables;
system.indexes
user
## (7)對于用戶, 可以增減角色:
## 增加角色:
db.grantRolesToUser("username",[{role:"",db:""}]);
db.grantRolesToUser('rwuser',[{role:"dbOwner",db:"my_mongodb"}]);
## 取消角色:
db.revokeRolesFromUser("username",[{role:"",db:""}]);
db.revokeRolesFromUser('rwuser',[{role:"readWrite",db:"my_mongodb"}]);
## 切換到admin用戶
> use admin;
switched to db admin
> db.auth("admin","admin");
1
## 授予dbOwner角色, 并取消readWrite角色
>
db.grantRolesToUser('rwuser',[{role:"dbOwner",db:"my_mongodb"}]);
>
db.revokeRolesFromUser('rwuser',[{role:"readWrite",db:"my_mongodb"}]);
## my_mongodb直接登錄失敗
> use my_mongodb;
switched to db my_mongodb
> db.auth("rwuser","rwuser");
Error: 18 Authentication failed.
0
> db
my_mongodb
## 切換到admin登錄
> use admin
switched to db admin
> db.auth("rwuser","rwuser");
1
> use my_mongodb;
switched to db my_mongodb
## dbOwner有list collections權限, 插入權限, find權限
> show collections;
system.indexes
user
>
db.user.save({"uid":3,"username":"Steven","age":27});
WriteResult({ "nInserted" : 1 })
> db.user.find({uid:3});
{ "_id" : ObjectId("56961538e8fc7d6a180d4607"), "uid" : 3,
"username" : "Steven", "age" : 27 }
(8) 在創建用戶時可以在其數據庫創建,不用每次切換到admin數據庫登錄后再切換
## 1) admin登錄
> use admin;
switched to db admin
> db.auth("admin","admin");
1
## 2) 切換到業務庫,進行創建用戶,發現可以直接在業務庫進行新用戶登錄
> use my_mongodb
switched to db my_mongodb
>
db.createUser({user:"usersteven",pwd:"usersteven",roles:[{
role:"dbOwner",db:"my_mongodb"}]});
Successfully added user: {
"user" : "usersteven",
"roles" : [
{
"role" :
"dbOwner",
"db" :
"my_mongodb"
}
]
}
> db.auth("usersteven","usersteven");
1
## 2.創建角色
## 切換到my_mongodb并且在數據庫my_mongodb中創建角色
## roles: ?創建角色"testRole"在數據庫"my_mongodb" 中
## privileges: 該角色可查看"find"數據庫"my_mongodb"的所有集合
## db.dropRole("testRole")進行刪除角色
## (1)切換admin庫admin用戶登錄
> use admin;
switched to db admin
> db.auth("admin","admin");
1
## (2)切換至my_mongodb,并創建角色,action行為配置為find
> use my_mongodb
switched to db my_mongodb
>
db.createRole({role:"testRole",privileges:[{resource:{db:"my_mongodb",collection:""},
actions:["find"]}],roles:[]});
{
"role" : "testRole",
"privileges" : [
{
"resource"
: {
"db" : "my_mongodb",
"collection" : ""
},
"actions"
: [
"find"
]
}
],
"roles" : [ ]
}
## (3) 去admin庫admin用戶登錄查看授權情況
> use admin;
switched to db admin
> show collections;
system.indexes
system.roles
system.users
system.version
> db.system.roles.find();
{ "_id" : "my_mongodb.testRole", "role" : "testRole", "db" :
"my_mongodb", "privileges" : [ { "resource" : { "db" :
"my_mongodb", "collection" : "" }, "actions" : [ "find" ] } ],
"roles" : [ ] }
## (4) 回到my_mongodb,創建用戶userwill,并授予自定義角色
> use my_mongodb
switched to db my_mongodb
>
db.createUser({user:"userwill",pwd:"userwill",roles:[{role:"testRole",
db:"my_mongodb"}]});
Successfully added user: {
"user" : "userwill",
"roles" : [
{
"role" :
"testRole",
"db" :
"my_mongodb"
}
]
}
## 退出,切庫至my_mongodb,新用戶userwill登錄
> exit
bye
[root@centos511 ~]# mongo
MongoDB shell version: 3.0.7
connecting to: test
> use my_mongodb;
switched to db my_mongodb
> db.auth("userwill","userwill");
1
## 可以find
> db.user.find({uid:3});
{ "_id" : ObjectId("56961538e8fc7d6a180d4607"), "uid" : 3,
"username" : "Steven", "age" : 27 }
## 但也只有查詢權限,
> db.user.save({"uid":4,"username":"will","age":28});
WriteResult({
"writeError" : {
"code" : 13,
"errmsg" : "not authorized on
my_mongodb to execute command { insert: "user", documents: [ {
uid: 4.0, username: "will", age: 28.0, _id:
ObjectId('56963bd65a3618cf60c7e08a') } ], ordered: true }"
}
})
##
(5)給testRole添加三個"privilege"權限:"update","insert","remove",再重新操作
## 給權限又只能切換到admin庫admin用戶登錄
> use admin;
switched to db admin
> db.auth("admin","admin");
1
>
db.grantPrivilegesToRole("testRole",[{resource:{db:"my_mongodb",collection:""},actions:["update","insert","remove"]}]);
## 退出重新登錄
> exit
[root@centos511 ~]# mongo
MongoDB shell version: 3.0.7
connecting to: test
## 切換到my_mongodb庫
> use my_mongodb
switched to db my_mongodb
## 登錄
> db.auth("userwill","userwill");
1
## 發現保存成功
> db.user.save({"uid":4,"username":"will","age":28});
WriteResult({ "nInserted" : 1 })
## uid=4記錄保存成功
> db.user.find();
{ "_id" : ObjectId("56939ea79c8c3085fbb0283d"), "uid" : 2,
"username" : "Jerry", "age" : 100 }
{ "_id" : ObjectId("56939ea79c8c3085fbb0283e"), "uid" : 1,
"username" : "Tom", "age" : 25 }
{ "_id" : ObjectId("56961538e8fc7d6a180d4607"), "uid" : 3,
"username" : "Steven", "age" : 27 }
{ "_id" : ObjectId("5697399f23598adf661315c3"), "uid" : 4,
"username" : "will", "age" : 28 }
>
## 切換至admin庫查看權限,發現不準
> use admin;
switched to db admin
> db.system.roles.find();
Error: error: { "$err" : "not authorized for query on
admin.system.roles", "code" : 13 }
## 只有登錄admin用戶才能查看權限
> db.auth("admin","admin");
1
> db.system.roles.find();
{ "_id" : "my_mongodb.testRole", "role" : "testRole", "db" :
"my_mongodb", "privileges" : [ { "resource" : { "db" :
"my_mongodb", "collection" : "" }, "actions" : [ "find", "insert",
"remove", "update" ] } ], "roles" : [ ] }
## (6) 更改角色roles, 不同于增加或減少授權, 而是完整更新。
Privileges也可以更新和替換!
> use admin
switched to db admin
> db.auth("admin","admin")
1
> use my_mongodb
switched to db my_mongodb
> db.updateRole("testRole",{ roles:[{ role: "readWrite",db:
"my_mongodb"}]},{ w:"majority" })
> db.auth("userwill","userwill");
1
> show dbs;
admin ?0.078GB
local ?0.078GB
my_mongodb ?0.078GB
test ?0.078GB
總結
以上是生活随笔為你收集整理的mongodb创建local库用户_mongodb用户创建与授权的全部內容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: Matlab中pickic_法语「野餐」
- 下一篇: vue 方法里面修改样式_vue中修改s