MongoDB Roles and Privileges, with Creating Users and Granting Roles Explained
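Contents
- MongoDB Roles and Privileges, with Creating Users and Granting Roles Explained
- 1. Roles and privileges
- 2. Creating and deleting users in MongoDB
  - 1. Creating a user
  - 2. Viewing user information
  - 3. Changing a user's password
- 3. Creating users and granting roles with db.runCommand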
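1. Roles and privileges
1. Role categories
| Role category | Roles in the category |
|---|---|
| Database user roles | read, readWrite |
| Database administration roles | dbAdmin, dbOwner, userAdmin |
| Cluster administration roles | clusterAdmin, clusterManager, clusterMonitor, hostManager |
| Database backup and restore roles | backup, restore |
| All-database roles | readAnyDatabase, readWriteAnyDatabase, userAdminAnyDatabase, dbAdminAnyDatabase |
| Superuser role | root |
| Internal role | __system |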
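2. Privilege descriptions
| Privilege | Description |
|---|---|
| read | Allows the user to read the specified database |
| readWrite | Allows the user to read and write the specified database |
| dbAdmin | Allows the user to run administrative functions in the specified database, such as creating and dropping indexes, viewing statistics, or accessing system.profile |
| userAdmin | Allows the user to write to the system.users collection; the user can create, delete and manage users in the specified database |
| clusterAdmin | Must be defined in the admin database; grants the user administrative privileges over all sharding and replica set functions |
| readAnyDatabase | Must be defined in the admin database; grants the user read privileges on all databases |
| readWriteAnyDatabase | Must be defined in the admin database; grants the user read and write privileges on all databases |
| userAdminAnyDatabase | Must be defined in the admin database; grants the user the userAdmin privilege on all databases |
| dbAdminAnyDatabase | Must be defined in the admin database; grants the user the dbAdmin privilege on all databases |
| root | Must be defined in the admin database; superuser account with superuser privileges |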
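2. Creating and deleting users in MongoDB
1. Creating a user
use admin
// General form; the Chinese strings are placeholders.
db.createUser({
    "user":"用户名",                       // user name
    "pwd":"密码",                          // password
    "roles":[
        {role:"角色",db:"所属数据库"}      // role name and the database it applies to
    ],
    customData:{                           // optional free-form information about the user
        name:"jinshengyuan",
        email:"[email protected]"
    }
})
// Concrete example: user "wei" with the root role, created in the admin database
db.createUser({
    user:"wei",
    pwd:"wei",
    roles:["root"]
})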
2. Viewing user information
use admin
show users
db.system.users.find()
db.system.users.find().pretty()
db.runCommand({usersInfo:"用户名"})   // "用户名" is a placeholder for the user name
3. Changing a user's password
use admin
db.changeUserPassword("用户名","新密码")   // placeholders: user name, new password
db.runCommand({updateUser:"用户名",pwd:"新密码",customData:{age:22}})
3. Creating users and granting roles with db.runCommand
db.runCommand can be used to create or modify users and to grant them the relevant privileges.
1. Creating a user
use admin
db.runCommand({
    "createUser" : "yuan",
    "pwd" : "yuan",
    "customData" : {
    },
    "roles" : [
        { "role" : "__queryableBackup", "db" : "admin" },
        { "role" : "__system", "db" : "admin" },
        { "role" : "backup", "db" : "admin" },
        { "role" : "clusterAdmin", "db" : "admin" },
        { "role" : "clusterManager", "db" : "admin" },
        { "role" : "clusterMonitor", "db" : "admin" },
        { "role" : "dbAdmin", "db" : "admin" },
        { "role" : "dbAdminAnyDatabase", "db" : "admin" },
        { "role" : "dbOwner", "db" : "admin" },
        { "role" : "enableSharding", "db" : "admin" },
        { "role" : "hostManager", "db" : "admin" },
        { "role" : "read", "db" : "admin" },
        { "role" : "readAnyDatabase", "db" : "admin" },
        { "role" : "readWrite", "db" : "admin" },
        { "role" : "readWriteAnyDatabase", "db" : "admin" },
        { "role" : "restore", "db" : "admin" },
        { "role" : "root", "db" : "admin" },
        { "role" : "userAdmin", "db" : "admin" },
        { "role" : "userAdminAnyDatabase", "db" : "admin" }
    ]
});
2. Changing a user's privileges
use admin
db.runCommand({
    "updateUser" : "yuan",
    "customData" : {
    },
    "roles" : [
        { "role" : "readWrite", "db" : "yuan" },
        { "role" : "__queryableBackup", "db" : "admin" },
        { "role" : "__system", "db" : "admin" },
        { "role" : "backup", "db" : "admin" },
        { "role" : "clusterAdmin", "db" : "admin" },
        { "role" : "clusterManager", "db" : "admin" },
        { "role" : "clusterMonitor", "db" : "admin" },
        { "role" : "dbAdmin", "db" : "admin" },
        { "role" : "dbAdminAnyDatabase", "db" : "admin" },
        { "role" : "dbOwner", "db" : "admin" },
        { "role" : "enableSharding", "db" : "admin" },
        { "role" : "hostManager", "db" : "admin" },
        { "role" : "read", "db" : "admin" },
        { "role" : "readAnyDatabase", "db" : "admin" },
        { "role" : "readWrite", "db" : "admin" },
        { "role" : "readWriteAnyDatabase", "db" : "admin" },
        { "role" : "restore", "db" : "admin" },
        { "role" : "root", "db" : "admin" },
        { "role" : "userAdmin", "db" : "admin" },
        { "role" : "userAdminAnyDatabase", "db" : "admin" }
    ]
});
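The two runCommand examples above give a single account every built-in role, including root and __system. The following is an added example, not code from the original article: it audits usersInfo-style output and reports which users hold roles that reach beyond a single database. The function names, category labels and sample users are constructed for illustration. It goes slightly beyond the tables above by treating userAdmin or dbOwner on the admin database, and userAdminAnyDatabase, as able to grant any role.

```javascript
// Added example: audit usersInfo-style output for over-broad built-in roles.
// In mongosh the input would come from the admin database, e.g.:
//   db.getSiblingDB("admin").runCommand({ usersInfo: 1 }).users

// Roles from the tables above whose reach is wider than one database.
const SUPERUSER = new Set(["root", "__system"]);
const ANY_DATABASE = new Set(["readAnyDatabase", "readWriteAnyDatabase",
  "dbAdminAnyDatabase"]);
const CLUSTER = new Set(["clusterAdmin", "clusterManager", "hostManager"]);
// Roles that manage users; scoped to admin they can grant any role.
const CAN_GRANT_ON_ADMIN = new Set(["userAdmin", "dbOwner"]);

// Returns a category label (hypothetical names) or null for a scoped role.
function classifyRole({ role, db }) {
  if (SUPERUSER.has(role)) return "superuser";
  if (role === "userAdminAnyDatabase") return "can-grant-any-role";
  if (CAN_GRANT_ON_ADMIN.has(role) && db === "admin") return "can-grant-any-role";
  if (ANY_DATABASE.has(role)) return "all-databases";
  if (CLUSTER.has(role)) return "cluster-admin";
  return null; // database-scoped role such as read or readWrite
}

// Returns one finding per user that holds at least one broad role.
function auditUsers(users) {
  const findings = [];
  for (const u of users) {
    const hits = {};
    for (const r of u.roles || []) {
      const kind = classifyRole(r);
      if (kind) (hits[kind] = hits[kind] || []).push(`${r.role}@${r.db}`);
    }
    if (Object.keys(hits).length > 0) findings.push({ user: `${u.db}.${u.user}`, hits });
  }
  return findings;
}

// Constructed sample input in the shape returned by usersInfo.
const sampleUsers = [
  { user: "yuan", db: "admin", roles: [
    { role: "readWrite", db: "yuan" }, { role: "root", db: "admin" },
    { role: "__system", db: "admin" }, { role: "userAdmin", db: "admin" },
    { role: "readAnyDatabase", db: "admin" }, { role: "clusterAdmin", db: "admin" } ] },
  { user: "app", db: "yuan", roles: [{ role: "readWrite", db: "yuan" }] },
  { user: "ops", db: "yuan", roles: [{ role: "userAdmin", db: "yuan" }] },
];

for (const f of auditUsers(sampleUsers)) console.log(f.user, JSON.stringify(f.hits));
```

Only admin.yuan is reported. The app and ops users hold roles scoped to the yuan database, which is the shape a least-privilege grant takes.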