MongoDB Roles and Privileges, with a Detailed Guide to Creating Users and Granting Roles
 
 
 
 
 
  
 
 
1. Roles and Privileges

1. Role Categories

| Role category | Roles in the category |
|---|---|
| Database user roles | read, readWrite |
| Database administration roles | dbAdmin, dbOwner, userAdmin |
| Cluster administration roles | clusterAdmin, clusterManager, clusterMonitor, hostManager |
| Database backup and restore roles | backup, restore |
| All-database roles | readAnyDatabase, readWriteAnyDatabase, userAdminAnyDatabase, dbAdminAnyDatabase |
| Superuser role | root |
| Internal role | __system |
 
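2. Privilege Descriptions

| Privilege | Description |
|---|---|
| read | Allows the user to read the specified database |
| readWrite | Allows the user to read and write the specified database |
| dbAdmin | Allows the user to run administrative functions in the specified database, such as creating and dropping indexes, viewing statistics, or accessing system.profile |
| userAdmin | Allows the user to write to the system.users collection, and to create, delete, and manage users in the specified database |
| clusterAdmin | Must be defined in the admin database; grants the user administrative privileges over all sharding and replica set functions |
| readAnyDatabase | Must be defined in the admin database; grants the user read access to all databases |
| readWriteAnyDatabase | Must be defined in the admin database; grants the user read and write access to all databases |
| userAdminAnyDatabase | Must be defined in the admin database; grants the user the userAdmin privilege on all databases |
| dbAdminAnyDatabase | Must be defined in the admin database; grants the user the dbAdmin privilege on all databases |
| root | Must be defined in the admin database; superuser account with full privileges |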
 
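2. Creating and Deleting Users in MongoDB

1. Creating a User

use admin
// Template: the Chinese strings are placeholders for the user name, password, role, and owning database.
db.createUser({
	"user":"用户名",
	"pwd":"密码",
	"roles":[
		{role:"角色",db:"所属数据库"}
	],
	// Optional free-form metadata stored with the user
	customData:{
		name:"jinshengyuan",
		email:"xxx@xx.com"
	}
})
// Example: user "wei" with the root role. Demo values only; the password equals the user name.
db.createUser({
	user:"wei",
	pwd:"wei",
	roles:["root"]
})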
 
2. Viewing User Information

use admin
show users
db.system.users.find()
db.system.users.find().pretty()
// "用户名" is a placeholder for the user name
db.runCommand({usersInfo:"用户名"})
 
3. Changing a User's Password

use admin
// "用户名" and "新密码" are placeholders for the user name and the new password
db.changeUserPassword("用户名","新密码")
db.runCommand({updateUser:"用户名",pwd:"新密码",customData:{age:22}})
 
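3. Creating Users and Granting Roles with db.runCommand

1. Creating a User

// Creates user "yuan" on admin with every role listed below, including root and the internal __system role.
use admin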
db.runCommand({
    "createUser" : "yuan",
    "pwd" : "yuan",
    "customData" : {
    },
    "roles" : [
        {
            "role" : "__queryableBackup",
            "db" : "admin"
        },
        {
            "role" : "__system",
            "db" : "admin"
        },
        {
            "role" : "backup",
            "db" : "admin"
        },
        {
            "role" : "clusterAdmin",
            "db" : "admin"
        },
        {
            "role" : "clusterManager",
            "db" : "admin"
        },
        {
            "role" : "clusterMonitor",
            "db" : "admin"
        },
        {
            "role" : "dbAdmin",
            "db" : "admin"
        },
        {
            "role" : "dbAdminAnyDatabase",
            "db" : "admin"
        },
        {
            "role" : "dbOwner",
            "db" : "admin"
        },
        {
            "role" : "enableSharding",
            "db" : "admin"
        },
        {
            "role" : "hostManager",
            "db" : "admin"
        },
        {
            "role" : "read",
            "db" : "admin"
        },
        {
            "role" : "readAnyDatabase",
            "db" : "admin"
        },
        {
            "role" : "readWrite",
            "db" : "admin"
        },
        {
            "role" : "readWriteAnyDatabase",
            "db" : "admin"
        },
        {
            "role" : "restore",
            "db" : "admin"
        },
        {
            "role" : "root",
            "db" : "admin"
        },
        {
            "role" : "userAdmin",
            "db" : "admin"
        },
        {
            "role" : "userAdminAnyDatabase",
            "db" : "admin"
        }
    ]
});
 
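2. Changing a User's Privileges

// updateUser replaces the user's entire role list: here, the same roles as before plus readWrite on the yuan database.
use admin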
db.runCommand({
    "updateUser" : "yuan",
    "customData" : {
    },
    "roles" : [
        {
            "role" : "readWrite",
            "db" : "yuan"
        },
        {
            "role" : "__queryableBackup",
            "db" : "admin"
        },
        {
            "role" : "__system",
            "db" : "admin"
        },
        {
            "role" : "backup",
            "db" : "admin"
        },
        {
            "role" : "clusterAdmin",
            "db" : "admin"
        },
        {
            "role" : "clusterManager",
            "db" : "admin"
        },
        {
            "role" : "clusterMonitor",
            "db" : "admin"
        },
        {
            "role" : "dbAdmin",
            "db" : "admin"
        },
        {
            "role" : "dbAdminAnyDatabase",
            "db" : "admin"
        },
        {
            "role" : "dbOwner",
            "db" : "admin"
        },
        {
            "role" : "enableSharding",
            "db" : "admin"
        },
        {
            "role" : "hostManager",
            "db" : "admin"
        },
        {
            "role" : "read",
            "db" : "admin"
        },
        {
            "role" : "readAnyDatabase",
            "db" : "admin"
        },
        {
            "role" : "readWrite",
            "db" : "admin"
        },
        {
            "role" : "readWriteAnyDatabase",
            "db" : "admin"
        },
        {
            "role" : "restore",
            "db" : "admin"
        },
        {
            "role" : "root",
            "db" : "admin"
        },
        {
            "role" : "userAdmin",
            "db" : "admin"
        },
        {
            "role" : "userAdminAnyDatabase",
            "db" : "admin"
        }
    ]
});
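
The grants above give one account every built-in role. As an added example (not code from the original post), the following plain JavaScript checks a reply shaped like the output of the usersInfo command against the role tables on this page and reports accounts that hold internal, instance-wide, or grant-capable roles. The sample reply is constructed, and the account "app" is hypothetical.

```javascript
// Added example, not from the original post. Plain JavaScript (Node.js).
// Role names are taken from the tables above; the sample reply is constructed.
const INSTANCE_WIDE = new Set([
  "root", "clusterAdmin", "readAnyDatabase", "readWriteAnyDatabase",
  "userAdminAnyDatabase", "dbAdminAnyDatabase",
]);
// userAdmin (and dbOwner, which includes it) on admin can grant any role to any user.
const CAN_GRANT = new Set(["userAdmin", "dbOwner"]);

function auditUser(user) {
  const findings = [];
  for (const { role, db } of user.roles) {
    if (role.startsWith("__")) {
      // Assumption: a "__" prefix marks an internal role such as __system.
      findings.push(`internal role ${role}`);
    } else if (INSTANCE_WIDE.has(role)) {
      findings.push(`instance-wide role ${role}`);
    } else if (CAN_GRANT.has(role) && db === "admin") {
      findings.push(`${role} on admin allows self-escalation`);
    }
  }
  return findings;
}

// Takes a reply shaped like db.runCommand({usersInfo: 1}) and returns
// { "<db>.<user>": [findings] } for every user with at least one finding.
function auditUsers(reply) {
  const report = {};
  for (const user of reply.users) {
    const findings = auditUser(user);
    if (findings.length > 0) report[`${user.db}.${user.user}`] = findings;
  }
  return report;
}

// Constructed sample: "yuan" and "wei" mirror grants shown on this page,
// "app" is a hypothetical least-privilege account.
const sampleReply = {
  users: [
    { user: "yuan", db: "admin", roles: [
      { role: "__system", db: "admin" }, { role: "root", db: "admin" },
      { role: "userAdmin", db: "admin" }, { role: "readWrite", db: "yuan" },
    ] },
    { user: "wei", db: "admin", roles: [{ role: "root", db: "admin" }] },
    { user: "app", db: "yuan", roles: [{ role: "readWrite", db: "yuan" }] },
  ],
  ok: 1,
};

console.log(JSON.stringify(auditUsers(sampleReply), null, 2));
```

An account that only needs application data access, like "app" here, produces no findings; "yuan" and "wei" are both reported.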