數據庫操作權限
readAnyDatabase 任何數據庫的只讀權限
userAdminAnyDatabase 任何數據庫的讀寫權限
userAdminAnyDatabase 任何數據庫用戶的管理權限
dbAdminAnyDatabase 任何數據庫的管理權限
啟動客戶端:
cd /usr/local/mongodb/
./mongo
查看一下用戶表有沒有數據
db.system.users.find()
查看用戶
> show users
>
>
MongoDB創建數據庫管理員用戶
# 切換至admin數據庫。 # 也可以使用db = db.getSiblingDB('admin')代替use admin。 use admin # 創建管理員用戶,並指定其權限。 db.createUser({ user : 'root', pwd : '123456', roles : [ 'clusterAdmin', 'dbAdminAnyDatabase', 'userAdminAnyDatabase', 'readWriteAnyDatabase' ] })
輸出
> db.createUser({ ... user : 'root', ... pwd : '123456', ... roles : [ ... 'clusterAdmin', ... 'dbAdminAnyDatabase', ... 'userAdminAnyDatabase', ... 'readWriteAnyDatabase' ... ] ... }) Successfully added user: { "user" : "root", "roles" : [ "clusterAdmin", "dbAdminAnyDatabase", "userAdminAnyDatabase", "readWriteAnyDatabase" ] }
重啟MongoDB服務並加上--auth參數
./mongod --dbpath=/usr/local/mongodb/data --logpath=/usr/local/mongodb/logs --logappend --port=27017 --fork --auth
查看用戶,會報錯
> use admin switched to db admin > show users 2019-02-15T15:20:52.250+0800 E QUERY [js] Error: command usersInfo requires authentication : _getErrorWithCode@src/mongo/shell/utils.js:25:13 DB.prototype.getUsers@src/mongo/shell/db.js:1763:1 shellHelper.show@src/mongo/shell/utils.js:859:9 shellHelper@src/mongo/shell/utils.js:766:15 @(shellhelp2):1:1
此時需要認證
> db.auth('root','123456') 1 >
查看用戶,就可以看到了
> show users { "_id" : "admin.root", "user" : "root", "db" : "admin", "roles" : [ { "role" : "clusterAdmin", "db" : "admin" }, { "role" : "dbAdminAnyDatabase", "db" : "admin" }, { "role" : "userAdminAnyDatabase", "db" : "admin" }, { "role" : "readWriteAnyDatabase", "db" : "admin" } ], "mechanisms" : [ "SCRAM-SHA-1", "SCRAM-SHA-256" ] } >
建立普通帳號
用戶user
db.createUser( {user:'user', pwd:'123456', roles:[ {role:'readWrite', db:'userdb'} ] })
輸出
> db.createUser( ... {user:'user', ... pwd:'123456', ... roles:[ ... {role:'readWrite', db:'userdb'} ... ] ... }) Successfully added user: { "user" : "user", "roles" : [ { "role" : "readWrite", "db" : "userdb" } ] } >
查看用戶
> show users { "_id" : "admin.root", "user" : "root", "db" : "admin", "roles" : [ { "role" : "clusterAdmin", "db" : "admin" }, { "role" : "dbAdminAnyDatabase", "db" : "admin" }, { "role" : "userAdminAnyDatabase", "db" : "admin" }, { "role" : "readWriteAnyDatabase", "db" : "admin" } ], "mechanisms" : [ "SCRAM-SHA-1", "SCRAM-SHA-256" ] } { "_id" : "admin.user", "user" : "user", "db" : "admin", "roles" : [ { "role" : "readWrite", "db" : "userdb" } ], "mechanisms" : [ "SCRAM-SHA-1", "SCRAM-SHA-256" ] } >
用戶user1
db.createUser( {user:'user1', pwd:'123456', roles:[ {role:'root', db:'userdb'} ] })
接下來,為指定數據庫創建一般用戶角色,用於程序讀取、修改數據庫。
假如現有blog數據庫,要為其創建用戶名為admin、密碼為123456,擁有CRUD(增查改刪)權限,指令如下:
# 切換至blog數據庫。 use blog # 創建admin用戶。 db.createUser({ user : 'admin', pwd : '123456', roles : ['readWrite'] })
參考:
https://blog.csdn.net/Hu_wen/article/details/76690508
https://www.cnblogs.com/sea-stream/p/10369334.html