mongoDB(2) -- Permission Settings

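  1. First, start MongoDB without access control
    Set auth to false in the configuration file before starting. With auth=false the server accepts unauthenticated connections, which is what allows the first administrator to be created; the accounts below are enforced only once auth is set back to true and mongod is restarted.

```
[root@iZwz99ucnwwkz0qbh2ik3lZ conf]# more mongodb.conf
dbpath=/usr/local/mongodb/data/db
#bind_ip=127.0.0.1
port=27016
logappend=true
pidfilepath=/usr/local/mongodb/mongo.pid
auth=false
logpath=/usr/local/mongodb/log/mongodb.log
```

  2. Restart the database

```
./mongod --config /usr/local/mongodb/conf/mongodb.conf &
```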

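  3. Create the super administrator

```
// Users for the administrator account are stored in the admin database.
use admin
db.createUser(
  {
    user: "root",
    pwd: "root",
    // userAdminAnyDatabase: user management on any database (see 6.8)
    roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
  }
)
```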
  4. Add users

```
// tester01: read/write on test, read-only on reporting
use test
db.createUser(
  {
    user: "tester01",
    pwd: "tester01",
    roles: [ { role: "readWrite", db: "test" },
             { role: "read", db: "reporting" } ]
  }
)
// tester03: additionally holds dbAdmin on test
use test
db.createUser(
  {
    user: "tester03",
    pwd: "tester03",
    roles: [ { role: "dbAdmin", db: "test" },
             { role: "readWrite", db: "test" },
             { role: "read", db: "reporting" } ]
  }
)
```
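  5. Two ways to log in with authentication
    5.1 Pass the credentials as arguments at login

```
mongo --port 27017 -u "myUserAdmin" -p "abc123" --authenticationDatabase "admin"
```

    5.2 Authenticate after connecting

    Authentication succeeds:

```
> use admin
switched to db admin
> db.auth("root", "root")
1
```

    Authentication fails:

```
> use admin
switched to db admin
> db.auth("root", "root1")
0
```
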
  6. MongoDB user roles explained

6.1 read
Read-only privileges on the database, including:

aggregate, checkShardingIndex, cloneCollectionAsCapped, collStats, count, dataSize, dbHash, dbStats, distinct, filemd5, mapReduce (inline output only), text (beta feature), geoNear, geoSearch, geoWalk, group

6.2 readWrite
Read and write privileges on the database, including:

cloneCollection (as the target database), convertToCapped, create (and to create collections implicitly), renameCollection (within the same database), findAndModify, mapReduce (output to a collection), drop(), dropIndexes, emptycapped, ensureIndex()

plus all the privileges of read.

6.3 dbAdmin

clean, collMod, collStats, compact, convertToCapped, create, db.createCollection(), dbStats, drop(), dropIndexes, ensureIndex(), indexStats, profile, reIndex, renameCollection (within a single database), validate

6.4 userAdmin role
User-management privileges on the database.

6.5 clusterAdmin role
Cluster-management privileges (administration of replica sets, sharding, master/slave and so on), including:

addShard, closeAllDatabases, connPoolStats, connPoolSync, _cpuProfilerStart, _cpuProfilerStop, cursorInfo, diagLogging, dropDatabase, shardingState, shutdown, splitChunk, splitVector, split, top, touch, resync, serverStatus, setParameter, setShardVersion, shardCollection, replSetMaintenance, replSetReconfig, replSetStepDown, replSetSyncFrom, repairDatabase, replSetFreeze, replSetGetStatus, replSetInitiate, logRotate, moveChunk, movePrimary, netstat, removeShard, unsetSharding, hostInfo, db.currentOp(), db.killOp(), listDatabases, listShards, getCmdLineOpts, getLog, getParameter, getShardMap, getShardVersion, enableSharding, flushRouterConfig, fsync, db.fsyncUnlock()

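6.6 readAnyDatabase
Read-only privileges on any database (similar to read).

6.7 readWriteAnyDatabase
Read and write privileges on any database (similar to readWrite).

6.8 userAdminAnyDatabase
User-management privileges on any database (similar to userAdmin).

6.9 dbAdminAnyDatabase
Administration privileges on any database (similar to dbAdmin).

6.10 __system
Has every privilege.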
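
An added example, not part of the original post: a small JavaScript audit (the mongo shell's language, also runnable in Node.js) that checks the createUser documents from steps 3 and 4 against the role descriptions in section 6. The function names and finding strings are assumptions of this example, and the input is constructed from the users defined above.

```javascript
// Added example (not from the original post): audit createUser-style specs.
// Roles whose scope is not limited to one database (sections 6.5 to 6.10).
const CLUSTER_WIDE = new Set(["clusterAdmin", "readAnyDatabase",
  "readWriteAnyDatabase", "userAdminAnyDatabase", "dbAdminAnyDatabase", "__system"]);
// Roles that manage users, so a holder can grant itself further roles.
const GRANTING = new Set(["userAdmin", "userAdminAnyDatabase"]);

// spec: { user, pwd, roles: [{ role, db }] }; authDb: database the user was created in.
function auditUser(spec, authDb) {
  const findings = [];
  if (spec.pwd !== undefined && spec.pwd === spec.user) {
    findings.push("password equals username");
  }
  for (const { role, db } of spec.roles) {
    if (CLUSTER_WIDE.has(role)) {
      findings.push(`${role}: cluster-wide scope`);
    }
    if (GRANTING.has(role)) {
      findings.push(`${role}: can grant roles, including to itself`);
    }
    if (db !== authDb) {
      findings.push(`${role}@${db}: granted outside auth database ${authDb}`);
    }
  }
  return findings;
}

// Constructed input: the three users created in steps 3 and 4.
const SAMPLE = [
  { authDb: "admin", spec: { user: "root", pwd: "root",
      roles: [{ role: "userAdminAnyDatabase", db: "admin" }] } },
  { authDb: "test", spec: { user: "tester01", pwd: "tester01",
      roles: [{ role: "readWrite", db: "test" }, { role: "read", db: "reporting" }] } },
  { authDb: "test", spec: { user: "tester03", pwd: "tester03",
      roles: [{ role: "dbAdmin", db: "test" }, { role: "readWrite", db: "test" },
              { role: "read", db: "reporting" }] } },
];

// Returns { "<authDb>.<user>": [finding, ...] } for every audited user.
function auditAll(users) {
  const report = {};
  for (const { authDb, spec } of users) {
    report[`${authDb}.${spec.user}`] = auditUser(spec, authDb);
  }
  return report;
}

console.log(JSON.stringify(auditAll(SAMPLE), null, 2));
```

All three accounts are flagged for a password equal to the username, and the administrator is additionally flagged because userAdminAnyDatabase lets its holder assign itself any other role.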
