mongodb用戶權限管理(二)
數據庫 分配用戶權限
mongodb
有了建立語法,和參數說明,接下來開始實踐.數據庫
注意,還有一點,帳號是跟着數據庫綁定的,在那個庫裏受權,就在那個庫裏驗證(auth)
不然會失敗code
建立 帳號管理受權權限 的帳號
> db.createUser(
... {
... user: 'admin',
... pwd: '123456',
... roles: [{role: 'userAdminAnyDatabase', db: 'admin'}]
... }
... )
Successfully added user: {
"user" : "admin",
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
}
]
}
而後退出數據庫it
> use admin switched to db admin > db.shutdownServer()
從新啓動mongodb,記得在配置文件mongod.conf里加上 auth = true配置
./bin/mongod -f conf/mongod.conf
./bin/mongo 127.0.0.1:12345
> show dbs # 沒有驗證,沒有權限,會出錯
"errmsg" : "not authorized on admin to execute command
> use admin
> db.auth('admin', '123456')
1
# 返回 1 表示受權成功,0表示失敗
> show dbs #已經受權,能夠查看了
建立 讀、讀寫權限的帳戶
> use book
switched to db book
> db.createUser(
... {
... user: 'zhangsan',
... pwd: 'zhangsan',
... roles: [{role: 'read', db: 'book'}]
... }
... )
Successfully added user: {
"user" : "zhangsan",
"roles" : [
{
"role" : "read",
"db" : "book"
}
]
}
> db.createUser(
... {
... user: 'lisi',
... pwd: 'lisi',
... roles: [{role: 'readWrite', db: 'book'}]
... }
... )
Successfully added user: {
"user" : "lisi",
"roles" : [
{
"role" : "readWrite",
"db" : "book"
}
]
}
> show users
{
"_id" : "book.lisi",
"user" : "lisi",
"db" : "book",
"roles" : [
{
"role" : "readWrite",
"db" : "book"
}
]
}
{
"_id" : "book.zhangsan",
"user" : "zhangsan",
"db" : "book",
"roles" : [
{
"role" : "read",
"db" : "book"
}
]
}
而後驗證用戶權限是否正確權限
> db.book.insert({book: '小人書'}) # 沒驗證,會出錯
WriteResult({
"writeError" : {
"code" : 13,
"errmsg" : "not authorized on book to execute command { insert: \"book\", docum
ents: [ { _id: ObjectId('5959b56edcc047dfe5c9b336'), book: \"小人書\" } ], ordered: true }"
}
})
> db.auth('lisi', 'lisi')
1
> db.book.insert({book: '小人書'})
WriteResult({ "nInserted" : 1 })
> db.auth('zhangsan', 'zhangsan') # 用戶切到 zhangsan
1
> db.book.find() # 能夠查看
{ "_id" : ObjectId("5959b59fdcc047dfe5c9b337"), "book" : "小人書" }
> db.book.insert({book: '擇天記'}) # 沒有write權限,會失敗
WriteResult({
"writeError" : {
"code" : 13,
"errmsg" : "not authorized on book to execute command { insert: \"book\", docum
ents: [ { _id: ObjectId('5959b650dcc047dfe5c9b338'), book: \"擇天記\" } ], ordered: true }"
}
})
建立 root 超級權限帳號
這個超級權限包括 受權 和 操控數據庫集合數據,比較簡單,只須要把role設置成 root語法
> use admin
switched to db admin
> db.auth('admin', '123456')
1
> db.createUser(
... {
... user: 'dongsheng',
... pwd: '123456',
... roles: [{role: 'root', db: 'admin'}]
... }
... )
Successfully added user: {
"user" : "dongsheng",
"roles" : [
{
"role" : "root",
"db" : "admin"
}
]
}
> db.auth('dongsheng', '123456')
1
> use book
switched to db book
> db.book.insert({book: '笑傲江湖'})
WriteResult({ "nInserted" : 1 })
> db.book.find()
{ "_id" : ObjectId("5959b59fdcc047dfe5c9b337"), "book" : "小人書" }
{ "_id" : ObjectId("5959b7abdcc047dfe5c9b339"), "book" : "笑傲江湖" }
相關文章
- 1. MongoDB用戶權限管理
- 2. MongoDB 用戶權限管理
- 3. mongodb用戶權限管理
- 4. mongodb權限管理二
- 5. MongoDB權限管理二
- 6. MongoDB(二)-----MongoDB的用戶與權限管理
- 7. mongodb 3.2 用戶權限管理配置
- 8. Mongodb 用戶權限管理及配置
- 9. mongodb用戶權限管理配置
- 10. MongoDB 用戶權限管理手冊
- 更多相關文章...
- • MySQL刪除用戶權限(REVOKE) - MySQL教程
- • MySQL用戶授權(GRANT) - MySQL教程
- • Java Agent入門實戰(三)-JVM Attach原理與使用
- • Docker 清理命令
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
歡迎關注本站公眾號,獲取更多信息
相關文章