Preface
This article covers MongoDB user and privilege management. It follows on from the previous hands-on post, so without further ado, let's get into the details.
Start MongoDB and connect
./bin/mongod -f conf/mongod.conf
./bin/mongo 127.0.0.1:12345
Check the default databases
> show dbs
admin 0.000GB
local 0.000GB
> use admin
switched to db admin
> show tables
system.version
As you can see, apart from some basic system information, the database currently contains nothing.
Before creating users and setting privileges, first go over the relevant documentation.
Create a user
// demo (syntax from the MongoDB documentation; the mongo shell is JavaScript, so comments use //)
db.createUser(
  {
    user: "reportsUser",
    pwd: "12345678",
    roles: [
      { role: "read", db: "reporting" },
      { role: "read", db: "products" },
      { role: "read", db: "sales" },
      { role: "readWrite", db: "accounts" }
    ]
  }
)
Built-in database roles
Database user roles
Database administration roles
Cluster administration roles
Backup and restore roles
All-database roles
Superuser roles
Internal roles
With the creation syntax and parameter descriptions in hand, let's start practising.
Note one more point: an account is bound to the database it was created in. You must authenticate (auth) in the same database in which the account was granted its roles;
otherwise authentication fails.
Create an account with user-administration privileges
> db.createUser(
... {
...   user: 'admin',
...   pwd: '123456',
...   roles: [{role: 'userAdminAnyDatabase', db: 'admin'}]
... }
... )
Successfully added user: {
  "user" : "admin",
  "roles" : [
    {
      "role" : "userAdminAnyDatabase",
      "db" : "admin"
    }
  ]
}
Then shut down the database
> use admin
switched to db admin
> db.shutdownServer()
Restart MongoDB, remembering to add auth = true to the config file mongod.conf
./bin/mongod -f conf/mongod.conf
./bin/mongo 127.0.0.1:12345
> show dbs   // not yet authenticated, so there is no permission and this errors
"errmsg" : "not authorized on admin to execute command
> use admin
> db.auth('admin', '123456')
1
// a return value of 1 means authentication succeeded, 0 means it failed
> show dbs   // authenticated now, so the databases are listed
Create accounts with read and read-write privileges
> use book
switched to db book
> db.createUser(
... {
...   user: 'zhangsan',
...   pwd: 'zhangsan',
...   roles: [{role: 'read', db: 'book'}]
... }
... )
Successfully added user: {
  "user" : "zhangsan",
  "roles" : [ { "role" : "read", "db" : "book" } ]
}
> db.createUser(
... {
...   user: 'lisi',
...   pwd: 'lisi',
...   roles: [{role: 'readWrite', db: 'book'}]
... }
... )
Successfully added user: {
  "user" : "lisi",
  "roles" : [ { "role" : "readWrite", "db" : "book" } ]
}
> show users
{ "_id" : "book.lisi", "user" : "lisi", "db" : "book", "roles" : [ { "role" : "readWrite", "db" : "book" } ] }
{ "_id" : "book.zhangsan", "user" : "zhangsan", "db" : "book", "roles" : [ { "role" : "read", "db" : "book" } ] }
Then verify that the users' privileges are correct
> db.book.insert({book: '小人書'})   // not authenticated, so this fails
WriteResult({
  "writeError" : {
    "code" : 13,
    "errmsg" : "not authorized on book to execute command { insert: \"book\", documents: [ { _id: ObjectId('5959b56edcc047dfe5c9b336'), book: \"小人書\" } ], ordered: true }"
  }
})
> db.auth('lisi', 'lisi')
1
> db.book.insert({book: '小人書'})
WriteResult({ "nInserted" : 1 })
> db.auth('zhangsan', 'zhangsan')   // switch to user zhangsan
1
> db.book.find()   // reading is allowed
{ "_id" : ObjectId("5959b59fdcc047dfe5c9b337"), "book" : "小人書" }
> db.book.insert({book: '擇天記'})   // no write privilege, so this fails
WriteResult({
  "writeError" : {
    "code" : 13,
    "errmsg" : "not authorized on book to execute command { insert: \"book\", documents: [ { _id: ObjectId('5959b650dcc047dfe5c9b338'), book: \"擇天記\" } ], ordered: true }"
  }
})
Create a root superuser account
This superuser privilege covers both user administration and manipulating the data in database collections. Setting it up is simple: just set the role to root.
> use admin
switched to db admin
> db.auth('admin', '123456')
1
> db.createUser(
... {
...   user: 'dongsheng',
...   pwd: '123456',
...   roles: [{role: 'root', db: 'admin'}]
... }
... )
Successfully added user: {
  "user" : "dongsheng",
  "roles" : [ { "role" : "root", "db" : "admin" } ]
}
> db.auth('dongsheng', '123456')
1
> use book
switched to db book
> db.book.insert({book: '笑傲江湖'})
WriteResult({ "nInserted" : 1 })
> db.book.find()
{ "_id" : ObjectId("5959b59fdcc047dfe5c9b337"), "book" : "小人書" }
{ "_id" : ObjectId("5959b7abdcc047dfe5c9b339"), "book" : "笑傲江湖" }
Summary
That is all for this article. I hope its content offers some reference value for your study or work. If you have questions, leave a comment, and thank you for supporting VEVB武林網.