注意一点:帐号是跟着库走的,所以在指定库里授权,必须也在指定库里验证(auth)。
#########################################################
1,查看用户:
sys:PRIMARY> db.getUser("sys_wr")
{
"_id" : "admin.sys_wr",
"userId" : UUID("0b1c20c4-c7c9-401e-865a-3c6601b8fdea"),
"user" : "sys_wr",
"db" : "admin",
"roles" : [
{
"role" : "sys_rl",
"db" : "admin"
}
]
}
sys:PRIMARY> db.getRole("sys_rl",{showPrivileges:true});
{
"role" : "sys_rl",
"db" : "admin",
"isBuiltin" : false,
"roles" : [ ],
"inheritedRoles" : [ ],
"privileges" : [
{
"resource" : {
"db" : "sys",
"collection" : ""
},
"actions" : [
"collStats",
"dbHash",
"dbStats",
"find",
"insert",
"killCursors",
"listCollections",
"listIndexes",
"remove",
"update"
]
}
],
"inheritedPrivileges" : [
{
"resource" : {
"db" : "sys",
"collection" : ""
},
"actions" : [
"collStats",
"dbHash",
"dbStats",
"find",
"insert",
"killCursors",
"listCollections",
"listIndexes",
"remove",
"update"
]
}
]
}
sys:PRIMARY>
db.auth() :
查找用户:
db.getUser() :
db.getUsers() :
##############
查看指定库中指定用户的具体信息:
use apple;
db.getUser("igoodul");
use admin;
db.getUser("test",{showCredentials:true,showPrivileges:true});
// 说明:
showCredentials:true 显示用户的凭据信息(密码哈希,而非明文密码)
showPrivileges:true 显示权限详细信息
查看指定库apple中存在的所有用户:
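// List every user whose authentication database is apple.
use apple;
db.getUsers();
// Users are stored per authentication database, so switch to admin before listing its users.
// (The database name was misspelled "amdin"; `use` would switch to that non-existent, empty
// database without an error and getUsers() would return no users.)
use admin;
// The filter keeps only users that have SCRAM-SHA-256 credentials.
db.getUsers({ filter: { mechanisms: "SCRAM-SHA-256" } });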
2,创建用户:
用户密码可以直接写成明文字符串,也可以用 passwordPrompt() 在执行时提示输入(mongo shell 4.2 及以上);后者不会把密码留在屏幕输出、shell 历史记录或脚本文件中。
db.createUser() :
// Create user igoodful with admin as its authentication database and grant it
// readWrite on two other databases (apple and google).
// The user must later authenticate against admin, not against apple or google.
// pwd is a cleartext sample literal.
use admin;
db.createUser({user:"igoodful",
pwd:"123456",
roles:[{role:"readWrite",db:"apple"},
{role:"readWrite",db:"google"}
]});
// Without roles:
// An empty roles array creates a user that can authenticate against admin but holds
// no privileges until roles are granted (for example with db.grantRolesToUser()).
use admin;
db.createUser(
{
user: "reportsUser",
pwd: "123456",
roles: [ ]
});
// With roles:
// A role given as a bare string is resolved in the database where createUser runs,
// so these are readWrite and dbAdmin on admin itself, not on an application database.
use admin;
db.createUser(
{
user: "accountUser",
pwd: "123456",
roles: [ "readWrite", "dbAdmin" ]
});
// Create an administrative user.
// Roles: readWrite on the config database, plus clusterAdmin. The bare string
// "clusterAdmin" is resolved in the current database (admin), where that built-in role lives.
use admin;
db.createUser(
{
user: "appAdmin",
pwd: "1234565",
roles:
[
{ role: "readWrite", db: "config" },
"clusterAdmin"
]
});
// Create a user with authentication restrictions (new in version 3.6).
// clientSource lists the client IP addresses / CIDR ranges the user may authenticate from;
// serverAddress lists the server IP addresses / CIDR ranges the connection must have been
// accepted on. Both conditions of a restriction document must hold for authentication to succeed.
// The addresses below are sample values.
use admin;
db.createUser(
{
user: "restricted",
pwd: "123456",
roles: [ { role: "readWrite", db: "apple" } ],
authenticationRestrictions: [ {
clientSource: ["10.10.10.11"],
serverAddress: ["10.10.10.10"]
} ]
});
// To use SCRAM-SHA-256, featureCompatibilityVersion must be set to 4.0.
// mechanisms limits which SCRAM credentials are generated for this user; with only
// "SCRAM-SHA-256" listed, no SCRAM-SHA-1 credentials are created, so the user cannot
// authenticate with SCRAM-SHA-1.
// Note that the role granted here is readWrite on the admin database itself.
use admin;
db.createUser(
{
user: "User256",
pwd: "123456",
roles: [ { role: "readWrite", db: "admin" } ],
mechanisms: [ "SCRAM-SHA-256" ]
});
// Create a superuser:
// The built-in root role on admin combines the privileges of readWriteAnyDatabase,
// dbAdminAnyDatabase, userAdminAnyDatabase, clusterAdmin, backup and restore.
// There is no `use` statement in this snippet, so the user is created in whatever database
// is current; in these notes the preceding snippet has already switched to admin.
// NOTE(review): pwd equals the user name here; treat it as a sample value only. On shells that
// provide it, passwordPrompt() can be passed as pwd instead of a literal.
db.createUser(
{
user : 'dba',
pwd : 'dba',
roles : [ { role:'root', db:'admin' } ]
})
// Create a backup/restore account:
// Grants readWrite on the pbm database plus the built-in backup, clusterMonitor and restore
// roles on admin.
// xmmgbakcupAnyAction is not a MongoDB built-in role; it must already exist as a user-defined
// role in admin, otherwise createUser fails because the role cannot be found.
// NOTE(review): a role document is documented as { role, db } only; the "collection" key on the
// first entry is not part of that form. Confirm how your server version treats it.
db.createUser({user: "backupuser","pwd": "123456",
"roles" : [
{ "db" : "pbm", "role" : "readWrite", "collection": "" },
{ "db" : "admin", "role" : "backup" },
{ "db" : "admin", "role" : "clusterMonitor" },
{ "db" : "admin", "role" : "restore" },
{ "db" : "admin", "role" : "xmmgbakcupAnyAction" }
]
});
//
3,删除用户:
删除用户:
从当前数据库中删除所有用户。
db.dropAllUsers() :
从当前数据库中删除指定用户
db.dropUser() :
//
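use admin;
// Drop one user from the current database. The write concern waits for acknowledgement
// from a majority of replica set members, for at most 5000 ms.
db.dropUser("User1", {w: "majority", wtimeout: 5000});
// Drop igoodful through the user-management helper rather than deleting from
// system.users directly. A remove() filtered on {user: ...} matches by name only, so it
// deletes every user of that name regardless of authentication database, and MongoDB's
// documentation says to manage users through the user-management methods, not by writing
// to that collection.
db.dropUser("igoodful");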
4,更新用户:
更新用户信息:
db.updateUser() :
use admin;
// updateUser replaces the previous value of each field it is given. After this call, user
// test holds ONLY read on assets: any roles it had before are gone, and customData is
// overwritten too. To add or remove single roles without replacing the list, use
// db.grantRolesToUser() / db.revokeRolesFromUser().
db.updateUser( "test",{
customData : { employeeId : "0x3039" },
roles : [
{ role : "read", db : "assets" }
]} );
// Only pwd is supplied here, so only the password of user root changes; its roles are untouched.
// "abc" is a cleartext sample literal.
db.updateUser(
"root",
{
pwd: "abc"
}
)
更改密码:
db.changeUserPassword() :
db.changeUserPassword("igoodful", "654321")
添加新的角色给用户:
db.grantRolesToUser() :
use admin;
db.grantRolesToUser(
"accountUser01",
[ "readWrite" , { role: "read", db: "stock" } ],
{ w: "majority" , wtimeout: 4000 });
db.grantRolesToUser("username", [{role:"readWrite", db:"testDB"},{role:"read", db:"testDB"}])
撤销用户某个角色:
db.revokeRolesFromUser() :
use admin;
db.revokeRolesFromUser( "test",
[ { role: "read", db: "stock" }, "readWrite" ],
{ w: "majority" }
);
#####################################################
db.getUser("skyeye_r");
{
"_id" : "admin.skyeye_r",
"user" : "skyeye_r",
"db" : "admin",
"roles" : [
{
"role" : "skyeye_r",
"db" : "admin"
}
]
}
db.runCommand({revokeRolesFromUser:"skyeye_r",roles:[{role:"skyeye_r",db:"admin"}]})
db.getUser("skyeye_r");
{
"_id" : "admin.skyeye_r",
"user" : "skyeye_r",
"db" : "admin",
"roles" : [ ]
}
###########################################