文章目录

  • MongoDB权限说明
  • 普通用户
  • 管理用户
  • 授权用户
  • 超级管理员
  • 创建管理用户
  • mongdb库创建读写用户
  • 一个用户多个权限


MongoDB权限说明

权限误区:并不是说下面的排序就证明权限越来越大除了 readWrite 权限用户外(root权限用户也包括),其它用户都不具备对数据库的写入权限,除 read 权限外,其它用户都不具备对数据库中的读权限,每个权限的功能各不一样(除root外)

普通用户

普通用户只是拥有下面的读写权限

权限

说明

Read

允许用户读取指定数据库

readWrite

允许用户读写指定数据库

管理用户

管理用户具备下面说明的一些操作权限

权限

说明

dbAdmin

允许用户在指定数据库中指定管理函数,如(索引创建、删除、查看统计访问system.profile)

userAdmin

允许用户向system.users集合写入,可以找指定数据里面创建、删除和管理用户

clusterAdmin

只在admin数据库中可用,赋予用户所有分片和复制集相关函数的管理权限

授权用户

以下用户主要是为其它用户赋予相应的权限

权限

说明

readAnyDatabase

只在admin数据库中可用,赋予用户所有数据库的读权限

readWriteAnyDatabase

只在admin数据库中可用,赋予用户所有数据库的读写权限

userWriteAnyDatabase

只在admin数据库中可用,赋予用户所有数据库的userAdmin权限

dbAdminAnyDatabase

只在admin数据库中可用,赋予用户所有数据库的dbAdmin权限

超级管理员

可以无所不能,为所欲为

权限

说明

root

只在admin数据库中可用,超级管理员

mongodb安装好后第一次进入是不需要密码的,也没有任何用户,直接连接进入即可

/usr/local/mongodb/bin/mongo --host 192.168.31.215 --port 27018

创建管理用户

> use admin
switched to db admin
> db.createUser ( {
... user:"manage",
... pwd:"123456",
... roles:[ { role:"root", db:"admin" } ]
...     }
... )

#返回以下信息代表创建成功
Successfully added user: {
	"user" : "manage",
	"roles" : [
		{
			"role" : "root",
			"db" : "admin"
		}
	]
}

退出登录,然后在mongodb配置文件中开启认证

vim /usr/local/mongodb/27018/conf/mongod.conf
security: 
  authorization: enabled
  javascriptEnabled: true

重启mongodb

/usr/local/mongodb/bin/mongod --shutdown -f /usr/local/mongodb/27018/conf/mongod.conf 
/usr/local/mongodb/bin/mongod -f /usr/local/mongodb/27018/conf/mongod.conf

连接mongodb

/usr/local/mongodb/bin/mongo --host 192.168.31.215 --port 27018
MongoDB shell version v4.2.0
connecting to: mongodb://192.168.31.215:27018/?compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("fc77266a-b2ff-4eb0-b6ca-c493c7c29143") }
MongoDB server version: 4.2.0
> use admin                     #进入admin库中先进行账号认证
switched to db admin        
> db.auth('manage','123456')    #认证账号,值返回1代表认证成功
1

mongdb库创建读写用户

> db.createUser( {
... user:"zhangsan",
... pwd:"zhangsan",
... roles:[ { role:"readWrite", db:"mongdb" } ]
...     }
... )
Successfully added user: {
	"user" : "zhangsan",
	"roles" : [
		{
			"role" : "readWrite",
			"db" : "mongdb"
		}
	]
}

验证创建的zhangsan用户(不需要退出登录)

> use admin
switched to db admin
> db.auth('zhangsan','zhangsan')
1
> show dbs              #查看数据库,因为mongdb数据库存储数据,所以看不到
> use mongdb            #直接 use 到mongdb数据库中
switched to db mongdb

#插入 json 格式文档到 coll 集合中
> db.coll.insert({"name": "Zhangsan","url": "http://abcops.cn","age": 25,"isNonProfit": true,})
WriteResult({ "nInserted" : 1 })
> show collections      #查看已存在集合
coll
> db.coll.find()        #读取集合中的数据
{ "_id" : ObjectId("5d8b24c2f1c33f4950f2c5df"), "name" : "Zhangsan", "url" : "http://abcops.cn", "age" : 25, "isNonProfit" : true }

以上完成了读写权限的验证

一个用户多个权限

为 lisi 用户授权
01db read权限
02db readWrite
03db dbAdmin权限
04db userAdmin权限

这次先把数据库创建出来

> use admin
switched to db admin
> db.auth('manage','123456')
1

> use 01db
switched to db 01db
> db.coll.insert({"name": "01db","url": "http://abcops.cn","age": 25,"isNonProfit": true,})
WriteResult({ "nInserted" : 1 })

> use 02db
switched to db 02db
> db.coll.insert({"name": "02db","url": "http://abcops.cn","age": 25,"isNonProfit": true,})
WriteResult({ "nInserted" : 1 })

> use 03db
switched to db 03db
> db.coll.insert({"name": "03db","url": "http://abcops.cn","age": 25,"isNonProfit": true,})
WriteResult({ "nInserted" : 1 })

> use 04db
switched to db 04db
> db.coll.insert({"name": "04db","url": "http://abcops.cn","age": 25,"isNonProfit": true,})
WriteResult({ "nInserted" : 1 })

创建用户并授权

> db.createUser( {
... user:"lisi",
... pwd:"123456",
... roles: [ { role:"read",db:"01db" },
... { role:"readWrite",db:"02db" },
... { role:"dbAdmin",db:"03db" },
... { role:"userAdmin",db:"04db" } ]
...     }
... )
Successfully added user: {
	"user" : "lisi",
	"roles" : [
		{
			"role" : "read",
			"db" : "01db"
		},
		{
			"role" : "readWrite",
			"db" : "02db"
		},
		{
			"role" : "dbAdmin",
			"db" : "03db"
		},
		{
			"role" : "userAdmin",
			"db" : "04db"
		}
	]
}

查看所有用户

> show users
{
	"_id" : "admin.admin",
	"userId" : UUID("9958faa5-7132-4146-8775-a001e47fe7f8"),
	"user" : "admin",
	"db" : "admin",
	"roles" : [
		{
			"role" : "root",
			"db" : "admin"
		}
	],
	"mechanisms" : [
		"SCRAM-SHA-1"
	]
}
{
	"_id" : "admin.lisi",
	"userId" : UUID("bc8e5dc7-2f8c-40c1-8190-cea4951ae4a1"),
	"user" : "lisi",
	"db" : "admin",
	"roles" : [
		{
			"role" : "read",
			"db" : "01db"
		},
		{
			"role" : "readWrite",
			"db" : "02db"
		},
		{
			"role" : "dbAdmin",
			"db" : "03db"
		},
		{
			"role" : "userAdmin",
			"db" : "04db"
		}
	],
	"mechanisms" : [
		"SCRAM-SHA-1"
	]
}
{
	"_id" : "admin.manage",
	"userId" : UUID("e1b34f57-06f2-4ef1-b23a-2d46a3964fbf"),
	"user" : "manage",
	"db" : "admin",
	"roles" : [
		{
			"role" : "root",
			"db" : "admin"
		}
	],
	"mechanisms" : [
		"SCRAM-SHA-1"
	]
}
{
	"_id" : "admin.micvs",
	"userId" : UUID("1f4837c7-8c14-40d4-8a21-d621e0bcc278"),
	"user" : "micvs",
	"db" : "admin",
	"roles" : [
		{
			"role" : "dbAdminAnyDatabase",
			"db" : "admin"
		}
	],
	"mechanisms" : [
		"SCRAM-SHA-1",
		"SCRAM-SHA-256"
	]
}
{
	"_id" : "admin.zhangsan",
	"userId" : UUID("1003726b-c7fc-44e6-b001-b5c828bfb40d"),
	"user" : "zhangsan",
	"db" : "admin",
	"roles" : [
		{
			"role" : "readWrite",
			"db" : "mongdb"
		}
	],
	"mechanisms" : [
		"SCRAM-SHA-1"
	]
}