MongoDB之角色与权限及创建用户与授权操作详解
文章目录
1. 角色与权限
1. 角色分类
角色分类 | 角色分类中的具体角色 |
---|---|
数据库用户角色 | read、readWrite |
数据库管理角色 | dbAdmin、dbOwner、userAdmin |
集群管理角色 | clusterAdmin、clusterManager、clusterMonitor、hostManager |
数据库备份、恢复角色 | backup、restore |
所有数据库角色 | readAnyDatabase、readWriteAnyDatabase、userAdminAnyDatabase、dbAdminAnyDatabase |
超级用户角色 | root |
内部角色 | __system |
2. 权限说明
权限 | 说明 |
---|---|
read | 允许用户读取指定数据库 |
readWrite | 允许用户读写指定数据库 |
dbAdmin | 允许用户在指定数据库中执行管理函数,如索引创建、删除、查看统计或访问system.profile |
userAdmin | 允许用户向system.users集合写入,可以在指定数据库中创建、删除和管理用户 |
clusterAdmin | 必须在admin数据库中定义,赋予用户所有分片和复制集相关函数的管理权限 |
readAnyDatabase | 必须在admin数据库中定义,赋予用户所有数据库的读权限 |
readWriteAnyDatabase | 必须在admin数据库中定义,赋予用户所有数据库的读写权限 |
userAdminAnyDatabase | 必须在admin数据库中定义,赋予用户所有数据库的userAdmin权限 |
dbAdminAnyDatabase | 必须在admin数据库中定义,赋予用户所有数据库的dbAdmin权限 |
root | 必须在admin数据库中定义,超级账号,超级权限 |
2. MongoDB创建用户及删除用户
1. 创建用户
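use admin
// Create a user in the admin database.  Each entry in "roles" pairs a role
// with the database it applies to; customData is optional free-form metadata.
db.createUser({
  "user": "用户名",
  "pwd": "密码",
  "roles": [
    // more than one role may be listed here
    { role: "角色", db: "所属数据库" }
  ],
  // optional user information (the field is customData; "coustomData" would be silently ignored)
  customData: {
    name: "jinshengyuan",
    email: "xxx@xx.com"
  }
})

// Create a user with no access restrictions (root role).
// Example credentials only; a root account should get a strong password.
db.createUser({ user: "wei", pwd: "wei", roles: ["root"] })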
2. 查看用户信息
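use admin
// List the users of the current database.
show users
// Raw user documents; pretty() is a cursor method, so it must follow find().
db.system.users.find()
db.system.users.find().pretty()
// The command is usersInfo (userInfo is not a MongoDB command).
db.runCommand({ usersInfo: "用户名" })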
3. 修改用户密码
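// "amdin" was a typo; the users below live in the admin database.
use admin
db.changeUserPassword("用户名", "新密码")
// Change the password and the user's custom info in a single command.
db.runCommand({ updateUser: "用户名", pwd: "新密码", customData: { age: 22 } })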
3. db.runCommand创建用户与授权
可通过 db.runCommand 命令来创建/修改用户并授予相关权限。
1. 创建用户
use admin
// Create user "yuan" in the admin database via runCommand.
// Every role listed below is bound to the admin database.
// Note: __queryableBackup and __system are internal roles, and root already
// covers the administrative roles listed with it, so the list is broader than needed.
db.runCommand({
  createUser: "yuan",
  pwd: "yuan",
  customData: {},
  roles: [
    { role: "__queryableBackup",    db: "admin" },
    { role: "__system",             db: "admin" },
    { role: "backup",               db: "admin" },
    { role: "clusterAdmin",         db: "admin" },
    { role: "clusterManager",       db: "admin" },
    { role: "clusterMonitor",       db: "admin" },
    { role: "dbAdmin",              db: "admin" },
    { role: "dbAdminAnyDatabase",   db: "admin" },
    { role: "dbOwner",              db: "admin" },
    { role: "enableSharding",       db: "admin" },
    { role: "hostManager",          db: "admin" },
    { role: "read",                 db: "admin" },
    { role: "readAnyDatabase",      db: "admin" },
    { role: "readWrite",            db: "admin" },
    { role: "readWriteAnyDatabase", db: "admin" },
    { role: "restore",              db: "admin" },
    { role: "root",                 db: "admin" },
    { role: "userAdmin",            db: "admin" },
    { role: "userAdminAnyDatabase", db: "admin" }
  ]
});
2. 更改用户权限
use admin
// Replace the role set of user "yuan": updateUser overwrites "roles" rather
// than appending to it, so the full list has to be given again.
// The only addition over the create step is readWrite on database "yuan";
// __system is an internal role and root already subsumes the other admin roles.
db.runCommand({
  updateUser: "yuan",
  customData: {},
  roles: [
    { role: "readWrite",            db: "yuan" },
    { role: "__queryableBackup",    db: "admin" },
    { role: "__system",             db: "admin" },
    { role: "backup",               db: "admin" },
    { role: "clusterAdmin",         db: "admin" },
    { role: "clusterManager",       db: "admin" },
    { role: "clusterMonitor",       db: "admin" },
    { role: "dbAdmin",              db: "admin" },
    { role: "dbAdminAnyDatabase",   db: "admin" },
    { role: "dbOwner",              db: "admin" },
    { role: "enableSharding",       db: "admin" },
    { role: "hostManager",          db: "admin" },
    { role: "read",                 db: "admin" },
    { role: "readAnyDatabase",      db: "admin" },
    { role: "readWrite",            db: "admin" },
    { role: "readWriteAnyDatabase", db: "admin" },
    { role: "restore",              db: "admin" },
    { role: "root",                 db: "admin" },
    { role: "userAdmin",            db: "admin" },
    { role: "userAdminAnyDatabase", db: "admin" }
  ]
});