【MongoDB】角色与权限管理

西红柿上校 2023-08-31 阅读 38

数据库的内建角色

数据库用户角色:read,readWrite;

数据库管理角色:dbAdmin,userAdmin,dbOwner;

集群管理角色:clusterAdmin、clusterManager、clusterMonitor、hostManager;

备份恢复角色:backup、restore;

全数据库角色:readAnyDatabase、readWriteAnyDatabase、userAdminAnyDatabase、dbAdminAnyDatabase;

超级用户角色:root

创建自定义角色
> use tpcc10
switched to db tpcc10
> db.createRole(
... {
... role:"customerInsert",
... privileges:
... [
... {resource:{db:"tpcc10",collection:"customer"},actions:["insert"]}
... ],
... roles:[]
... }
... )
{
        "role" : "customerInsert",
        "privileges" : [
                {
                        "resource" : {
                                "db" : "tpcc10",
                                "collection" : "customer"
                        },
                        "actions" : [
                                "insert"
                        ]
                }
        ],
        "roles" : [ ]
}

查询指定自定义角色
> db.getRole("customerInsert",{showPrivileges:true})
{
        "role" : "customerInsert",
        "db" : "tpcc10",
        "isBuiltin" : false,
        "roles" : [ ],
        "inheritedRoles" : [ ],
        "privileges" : [
                {
                        "resource" : {
                                "db" : "tpcc10",
                                "collection" : "customer"
                        },
                        "actions" : [
                                "insert"
                        ]
                }
        ],
        "inheritedPrivileges" : [
                {
                        "resource" : {
                                "db" : "tpcc10",
                                "collection" : "customer"
                        },
                        "actions" : [
                                "insert"
                        ]
                }
        ]
}

查询全部自定义角色
> db.getRoles({showPrivileges:true})

将自定义角色授予用户
> db.grantRolesToUser("test",[{role:"customerInsert",db:"tpcc10"}])

查询用户的权限
> db.getUser("test",{showPrivileges:true})
{
        "_id" : "tpcc10.test",
        "userId" : UUID("3cec2b29-c547-4254-b848-143fd0f6ae20"),
        "user" : "test",
        "db" : "tpcc10",
        "mechanisms" : [
                "SCRAM-SHA-1",
                "SCRAM-SHA-256"
        ],
        "roles" : [
                {
                        "role" : "read",
                        "db" : "tpcc10"
                },
                {
                        "role" : "customerInsert",
                        "db" : "tpcc10"
                }
        ],
        "inheritedRoles" : [
                {
                        "role" : "read",
                        "db" : "tpcc10"
                },
                {
                        "role" : "customerInsert",
                        "db" : "tpcc10"
                }
        ],
        "inheritedPrivileges" : [
                {
                        "resource" : {
                                "db" : "tpcc10",
                                "collection" : ""
                        },
                        "actions" : [
                                "changeStream",
                                "collStats",
                                "dbHash",
                                "dbStats",
                                "find",
                                "killCursors",
                                "listCollections",
                                "listIndexes",
                                "planCacheRead"
                        ]
                },
                {
                        "resource" : {
                                "db" : "tpcc10",
                                "collection" : "system.js"
                        },
                        "actions" : [
                                "changeStream",
                                "collStats",
                                "dbHash",
                                "dbStats",
                                "find",
                                "killCursors",
                                "listCollections",
                                "listIndexes",
                                "planCacheRead"
                        ]
                },
                {
                        "resource" : {
                                "db" : "tpcc10",
                                "collection" : "customer"
                        },
                        "actions" : [
                                "insert"
                        ]
                }
        ],
        "inheritedAuthenticationRestrictions" : [ ]
}

为自定义角色追加权限
> db.grantPrivilegesToRole(
... "customerInsert",
... [
... {resource:{db:"tpcc10",collection:"customer"},
... actions:["update"]
... }
... ]
... )

查询用户的权限
> db.getUser("test",{showPrivileges:true})
{
        "_id" : "tpcc10.test",
        "userId" : UUID("3cec2b29-c547-4254-b848-143fd0f6ae20"),
        "user" : "test",
        "db" : "tpcc10",
        "mechanisms" : [
                "SCRAM-SHA-1",
                "SCRAM-SHA-256"
        ],
        "roles" : [
                {
                        "role" : "read",
                        "db" : "tpcc10"
                },
                {
                        "role" : "customerInsert",
                        "db" : "tpcc10"
                }
        ],
        "inheritedRoles" : [
                {
                        "role" : "customerInsert",
                        "db" : "tpcc10"
                },
                {
                        "role" : "read",
                        "db" : "tpcc10"
                }
        ],
        "inheritedPrivileges" : [
                {
                        "resource" : {
                                "db" : "tpcc10",
                                "collection" : ""
                        },
                        "actions" : [
                                "changeStream",
                                "collStats",
                                "dbHash",
                                "dbStats",
                                "find",
                                "killCursors",
                                "listCollections",
                                "listIndexes",
                                "planCacheRead"
                        ]
                },
                {
                        "resource" : {
                                "db" : "tpcc10",
                                "collection" : "system.js"
                        },
                        "actions" : [
                                "changeStream",
                                "collStats",
                                "dbHash",
                                "dbStats",
                                "find",
                                "killCursors",
                                "listCollections",
                                "listIndexes",
                                "planCacheRead"
                        ]
                },
                {
                        "resource" : {
                                "db" : "tpcc10",
                                "collection" : "customer"
                        },
                        "actions" : [
                                "insert",
                                "update"
                        ]
                }
        ],
        "inheritedAuthenticationRestrictions" : [
                [ ]
        ]
}

从自定义角色中撤销权限
> db.revokePrivilegesFromRole(
... "customerInsert",
... [
... {resource:{db:"tpcc10",collection:"customer"},
... actions:["update"]
... }
... ]
... )

查询用户的权限
> db.getUser("test",{showPrivileges:true})
{
        "_id" : "tpcc10.test",
        "userId" : UUID("3cec2b29-c547-4254-b848-143fd0f6ae20"),
        "user" : "test",
        "db" : "tpcc10",
        "mechanisms" : [
                "SCRAM-SHA-1",
                "SCRAM-SHA-256"
        ],
        "roles" : [
                {
                        "role" : "read",
                        "db" : "tpcc10"
                },
                {
                        "role" : "customerInsert",
                        "db" : "tpcc10"
                }
        ],
        "inheritedRoles" : [
                {
                        "role" : "read",
                        "db" : "tpcc10"
                },
                {
                        "role" : "customerInsert",
                        "db" : "tpcc10"
                }
        ],
        "inheritedPrivileges" : [
                {
                        "resource" : {
                                "db" : "tpcc10",
                                "collection" : ""
                        },
                        "actions" : [
                                "changeStream",
                                "collStats",
                                "dbHash",
                                "dbStats",
                                "find",
                                "killCursors",
                                "listCollections",
                                "listIndexes",
                                "planCacheRead"
                        ]
                },
                {
                        "resource" : {
                                "db" : "tpcc10",
                                "collection" : "system.js"
                        },
                        "actions" : [
                                "changeStream",
                                "collStats",
                                "dbHash",
                                "dbStats",
                                "find",
                                "killCursors",
                                "listCollections",
                                "listIndexes",
                                "planCacheRead"
                        ]
                },
                {
                        "resource" : {
                                "db" : "tpcc10",
                                "collection" : "customer"
                        },
                        "actions" : [
                                "insert"
                        ]
                }
        ],
        "inheritedAuthenticationRestrictions" : [
                [ ]
        ]
}

删除指定的自定义角色
db.dropRole("myRole01")

删除当前数据库中全部的自定义角色（内建角色不受影响）
db.dropAllRoles()
