Preface
This article covers MongoDB user permission management and continues from the previous hands-on part. Without further ado, here are the details.
Start mongodb and connect
    ./bin/mongod -f conf/mongod.conf
    ./bin/mongo 127.0.0.1:12345
Check the default databases
    > show dbs
    admin  0.000GB
    local  0.000GB
    > use admin
    switched to db admin
    > show tables
    system.version
As you can see, apart from some basic information the database is still empty.
Before creating users and setting their permissions, first review what the documentation says.
Creating a user
    // demo
    db.createUser(
      {
        user: "reportsUser",
        pwd: "12345678",
        roles: [
          { role: "read", db: "reporting" },
          { role: "read", db: "products" },
          { role: "read", db: "sales" },
          { role: "readWrite", db: "accounts" }
        ]
      }
    )
Built-in database roles
Database user roles
Database administration roles
Cluster administration roles
Backup and restore roles
All-database roles
Superuser roles
Internal roles
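With the creation syntax and the parameter descriptions covered, it is time to try it out.
Note one more point: an account is bound to a database. Authenticate (auth) in the same database where the account was granted its roles; otherwise authentication fails.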
Create an account that can manage accounts and grant permissions
    > db.createUser(
    ... {
    ... user: 'admin',
    ... pwd: '123456',
    ... roles: [{role: 'userAdminAnyDatabase', db: 'admin'}]
    ... }
    ... )
    Successfully added user: { "user" : "admin", "roles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" } ] }
Then shut down the database
    > use admin
    switched to db admin
    > db.shutdownServer()
Restart mongodb, and remember to add auth = true to the configuration file mongod.conf
    ./bin/mongod -f conf/mongod.conf
    ./bin/mongo 127.0.0.1:12345
    // not authenticated yet, so there is no permission and this fails
    > show dbs
    "errmsg" : "not authorized on admin to execute command
    > use admin
    > db.auth('admin', '123456')
    1
    // returns 1 on success, 0 on failure
    // authenticated now, so the databases can be listed
    > show dbs
Create accounts with read and read-write permissions
    > use book
    switched to db book
    > db.createUser(
    ... {
    ... user: 'zhangsan',
    ... pwd: 'zhangsan',
    ... roles: [{role: 'read', db: 'book'}]
    ... }
    ... )
    Successfully added user: { "user" : "zhangsan", "roles" : [ { "role" : "read", "db" : "book" } ] }
    > db.createUser(
    ... {
    ... user: 'lisi',
    ... pwd: 'lisi',
    ... roles: [{role: 'readWrite', db: 'book'}]
    ... }
    ... )
    Successfully added user: { "user" : "lisi", "roles" : [ { "role" : "readWrite", "db" : "book" } ] }
    > show users
    { "_id" : "book.lisi", "user" : "lisi", "db" : "book", "roles" : [ { "role" : "readWrite", "db" : "book" } ] }
    { "_id" : "book.zhangsan", "user" : "zhangsan", "db" : "book", "roles" : [ { "role" : "read", "db" : "book" } ] }
Then verify that the user permissions are correct
    > db.book.insert({book: '小人書'}) // not authenticated, so this fails
    WriteResult({ "writeError" : { "code" : 13, "errmsg" : "not authorized on book to execute command { insert: \"book\", documents: [ { _id: ObjectId('5959b56edcc047dfe5c9b336'), book: \"小人書\" } ], ordered: true }" } })
    > db.auth('lisi', 'lisi')
    1
    > db.book.insert({book: '小人書'})
    WriteResult({ "nInserted" : 1 })
    > db.auth('zhangsan', 'zhangsan') // switch to user zhangsan
    1
    > db.book.find() // reading is allowed
    { "_id" : ObjectId("5959b59fdcc047dfe5c9b337"), "book" : "小人書" }
    > db.book.insert({book: '擇天記'}) // no write permission, so this fails
    WriteResult({ "writeError" : { "code" : 13, "errmsg" : "not authorized on book to execute command { insert: \"book\", documents: [ { _id: ObjectId('5959b650dcc047dfe5c9b338'), book: \"擇天記\" } ], ordered: true }" } })
Create a root superuser account
This superuser privilege covers both granting permissions and operating on the data in database collections. It is simple: just set role to root.
    > use admin
    switched to db admin
    > db.auth('admin', '123456')
    1
    > db.createUser(
    ... {
    ... user: 'dongsheng',
    ... pwd: '123456',
    ... roles: [{role: 'root', db: 'admin'}]
    ... }
    ... )
    Successfully added user: { "user" : "dongsheng", "roles" : [ { "role" : "root", "db" : "admin" } ] }
    > db.auth('dongsheng', '123456')
    1
    > use book
    switched to db book
    > db.book.insert({book: '笑傲江湖'})
    WriteResult({ "nInserted" : 1 })
    > db.book.find()
    { "_id" : ObjectId("5959b59fdcc047dfe5c9b337"), "book" : "小人書" }
    { "_id" : ObjectId("5959b7abdcc047dfe5c9b339"), "book" : "笑傲江湖" }
Summary
That is all for this article. I hope it is of some reference value for your study or work. If you have questions, leave a comment to discuss them. Thank you for supporting 武林网.
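
The accounts created in this article can be reviewed with a small audit over user documents shaped like the `show users` output. This is an added example, not code from the original article; the function name `auditUsers`, the severity labels, and the home database assumed for reportsUser are all illustrative.

```javascript
// Added example, not from the original article: flag risky role grants in
// user documents shaped like the `show users` output above.
const BROAD_ROLES = new Set(['root', '__system', 'userAdminAnyDatabase',
  'dbAdminAnyDatabase', 'readWriteAnyDatabase', 'readAnyDatabase']);
// These roles include user administration, so the holder can grant roles in that db.
const GRANTING_ROLES = new Set(['userAdmin', 'dbOwner']);

function auditUsers(users) {
  const findings = [];
  for (const u of users) {
    for (const r of u.roles) {
      if (BROAD_ROLES.has(r.role)) {
        findings.push({ user: u._id, level: 'high',
          issue: `${r.role} is not limited to a single database` });
      } else if (GRANTING_ROLES.has(r.role)) {
        findings.push({ user: u._id, level: 'medium',
          issue: `${r.role} on ${r.db} can grant roles to any user there` });
      }
      // Accounts authenticate in the database they were created in (u.db),
      // even when the role applies to another database.
      if (r.db !== u.db) {
        findings.push({ user: u._id, level: 'info',
          issue: `${r.role} on ${r.db}; authenticate in ${u.db}` });
      }
    }
  }
  return findings;
}

// Constructed sample input mirroring the accounts created in this article.
// reportsUser's home database is not stated in the article; "reporting" is assumed.
const SAMPLE_USERS = [
  { _id: 'admin.admin', user: 'admin', db: 'admin',
    roles: [{ role: 'userAdminAnyDatabase', db: 'admin' }] },
  { _id: 'admin.dongsheng', user: 'dongsheng', db: 'admin',
    roles: [{ role: 'root', db: 'admin' }] },
  { _id: 'book.zhangsan', user: 'zhangsan', db: 'book',
    roles: [{ role: 'read', db: 'book' }] },
  { _id: 'book.lisi', user: 'lisi', db: 'book',
    roles: [{ role: 'readWrite', db: 'book' }] },
  { _id: 'reporting.reportsUser', user: 'reportsUser', db: 'reporting',
    roles: [{ role: 'read', db: 'reporting' }, { role: 'read', db: 'products' },
      { role: 'read', db: 'sales' }, { role: 'readWrite', db: 'accounts' }] },
];

for (const f of auditUsers(SAMPLE_USERS)) {
  console.log(`[${f.level}] ${f.user}: ${f.issue}`);
}
```

The two accounts in admin are reported as high because their roles reach every database, and the read and readWrite accounts in book produce no findings.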