mongodb权限管理
今晚苦逼加班,就稍微梳理下mongodb的权限境配置,在安装配置好一套mongodb后,需要创建相应的数据库和用户密码给开发人员,那么权限改如何设置呢?
1.首先要创建数据库
use chunqiu
2.创建用户授予权限,在创建用户之前首先了解下mongodb中的role功能,那么admin数据库中有哪些role 呢?
查看role:
use admin
PRIMARY> show roles
{
"role" : "__system",
"db" : "admin",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
}
{
"role" : "backup",
"db" : "admin",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
}
{
"role" : "clusterAdmin",
"db" : "admin",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
}
{
"role" : "clusterManager",
"db" : "admin",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
}
{
"role" : "clusterMonitor",
"db" : "admin",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
}
{
"role" : "dbAdmin",
"db" : "admin",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
}
{
"role" : "dbAdminAnyDatabase",
"db" : "admin",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
}
{
"role" : "dbOwner",
"db" : "admin",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
}
{
"role" : "enableSharding",
"db" : "admin",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
}
{
"role" : "hostManager",
"db" : "admin",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
}
{
"role" : "read",
"db" : "admin",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
}
{
"role" : "readAnyDatabase",
"db" : "admin",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
}
{
"role" : "readWrite",
"db" : "admin",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
}
{
"role" : "readWriteAnyDatabase",
"db" : "admin",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
}
{
"role" : "restore",
"db" : "admin",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
}
{
"role" : "root",
"db" : "admin",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
}
{
"role" : "userAdmin",
"db" : "admin",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
}
{
"role" : "userAdminAnyDatabase",
"db" : "admin",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
}
那么chunqiu的库有哪些role呢?
use chunqiu
PRIMARY> show roles
{
"role" : "dbAdmin",
"db" : "chunqiu",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
}
{
"role" : "dbOwner",
"db" : "chunqiu",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
}
{
"role" : "enableSharding",
"db" : "chunqiu",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
}
{
"role" : "read",
"db" : "chunqiu",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
}
{
"role" : "readWrite",
"db" : "chunqiu",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
}
{
"role" : "userAdmin",
"db" : "chunqiu",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
}
3.看完了mongodb的role后是不是感觉豁然开朗?那么现在就创建用户吧:
use chunqiu
db.createUser(
{
user: "app_user",
pwd: "app#password",
roles:
[
{
role: "dbOwner", ##数据库权限的role选择dbOwner
db: "chunqiu" ##注意此处数据验证使用chunqiu库
}
]
}
)
如果要建只读账号:
use chunqiu
db.createUser(
{
user: "app_user_read",
pwd: "read#password",
roles:
[
{
role: "read", ##数据库权限的role选择read
db: "chunqiu"
}
]
}
)
查看已经创建的用户:
show users
修改密码:
db.changeUserPassword('app_user','password');
授予角色:
db.grantRolesToUser( "admin" , [ { role: "dbAdminAnyDatabase", db: "admin" } ])
取消角色:
db.revokeRolesFromUser( "admin" , [ { role: "dbAdminAnyDatabase", db: "admin" } ])
4.最后你可以把创建的账号和密码发给开发人员使用了。
免责声明:
① 本站未注明“稿件来源”的信息均来自网络整理。其文字、图片和音视频稿件的所属权归原作者所有。本站收集整理出于非商业性的教育和科研之目的,并不意味着本站赞同其观点或证实其内容的真实性。仅作为临时的测试数据,供内部测试之用。本站并未授权任何人以任何方式主动获取本站任何信息。
② 本站未注明“稿件来源”的临时测试数据将在测试完成后最终做删除处理。有问题或投稿请发送至: 邮箱/279061341@qq.com QQ/279061341
![[mysql]mysql8修改root密码](https://static.528045.com/imgs/20.jpg?imageMogr2/format/webp/blur/1x0/quality/35)
