MongoDB access control: creating, deleting, updating and querying users, and notes on built-in roles

MongoDB version: 3.2.4
1. First, try to create a root user. The root user has the highest privileges and can perform any operation.

use admin
db.createUser({'user':'root', 'pwd':'root', 'roles':[{'role':'root', 'db':'admin'}]})

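This fails, which shows that a root user cannot be created without logging in. A user with the userAdminAnyDatabase role can be created, however.
Official documentation for the createUser() method: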

{
  user: "<name>",
  pwd: "<cleartext password>",
  customData: { <any information> },
  roles: [
    { role: "<role>", db: "<database>" } | "<role>",
    ...
  ],
  authenticationRestrictions: [
     {
       clientSource: ["<IP>" | "<CIDR range>", ...],
       serverAddress: ["<IP>" | "<CIDR range>", ...]
     },
     ...
  ],
  mechanisms: [ "<SCRAM-SHA-1|SCRAM-SHA-256>", ... ],
  passwordDigestor: "<server|client>"
}

2. Create a userAdminAnyDatabase user. This user has only user-administration privileges, i.e. creating, modifying and deleting users.

use admin
db.createUser({'user':'userAdmin', 'pwd':'userAdmin', 'roles':[{'role':'userAdminAnyDatabase', 'db':'admin'}]})

3. Log in:

use admin
db.auth('userAdmin','userAdmin')

Note: switch to the database the user belongs to before logging in.
4. Log out:

db.logout()

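Operations the userAdminAnyDatabase user cannot perform:
db.shutdownServer(): shut down MongoDB
show collections: list collections
Operations it can perform:
1. db.system.users.find().pretty(): view the users collection
2. Create a root user: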

db.createUser({'user':'root', 'pwd':'root', 'roles':[{'role':'root', 'db':'admin'}]})

Create a readWrite user:

db.createUser({'user':'lison','pwd':'lison','roles':[{'role':'readWrite','db':'lison'}]})

Change a user's roles:

db.updateUser('lison',{'roles':[{'role':'readWriteAnyDatabase','db':'admin'},{'role':'read','db':'lison'}]})

Official documentation for the updateUser() method:

db.updateUser(
   "<username>",
   {
     customData : { <any information> },
     roles : [
       { role: "<role>", db: "<database>" } | "<role>",
       ...
     ],
     pwd: "<cleartext password>",
     authenticationRestrictions: [
        {
          clientSource: ["<IP>" | "<CIDR range>", ...],
          serverAddress: ["<IP>" | "<CIDR range>", ...]
        },
        ...
     ],
     mechanisms: [ "<SCRAM-SHA-1|SCRAM-SHA-256>", ... ],
     passwordDigestor: "<server|client>"
   },
   writeConcern: { <write concern> }
)

Change a user's password:

use lison
db.changeUserPassword('lison','lison')

Official documentation for the changeUserPassword() method:

use products
db.changeUserPassword("accountUser", "SOh3TbYhx8ypJPxmt1oOfL")

This changes the password of the user accountUser in the products database to SOh3TbYhx8ypJPxmt1oOfL. Note: the updateUser() method can also change a password.
Delete a user:

db.dropUser('lison')

Official documentation for the dropUser() method:

use products
db.dropUser("reportUser1", {w: "majority", wtimeout: 5000})

This deletes the reportUser1 user from the products database.
Query a user:

db.getUser('lison1')

Official documentation for getUser():

db.getUser( "<username>", {
   showCredentials: <Boolean>,
   showPrivileges: <Boolean>,
   showAuthenticationRestrictions: <Boolean>,
   filter: <document>
} )

Note: the second argument is optional, and its options all default to false.
Query multiple or all users:

db.getUsers()

Official documentation:

db.getUsers( {
   showCredentials: <Boolean>,
   filter: <document>
} )

Grant roles to a user:

 db.grantRolesToUser( "lison1", [{'role':'read','db':'lison'}])

Official documentation:

db.grantRolesToUser( "<username>", [ <roles> ], { <writeConcern> } )

use products
db.grantRolesToUser(
   "accountUser01",
   [ "readWrite" , { role: "read", db: "stock" } ],
   { w: "majority" , wtimeout: 4000 }
)

Revoke roles from a user:

db.revokeRolesFromUser('lison1',[{'role':'read','db':'lison'}])

Official documentation:

use products
db.revokeRolesFromUser( "accountUser01",
                        [ { role: "read", db: "stock" }, "readWrite" ],
                        { w: "majority" }
                      )
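
The grants made above (root, userAdminAnyDatabase, readWriteAnyDatabase, and a role on a second database) are the ones an access review should surface. The following is an added example, not part of the original post or of MongoDB's documentation: it audits the output of db.getUsers(), and the HIGH_PRIVILEGE set, the auditUsers name and the sample data are assumptions of this example.

```javascript
// Added example (not from the original post): flag broad grants in db.getUsers() output.
// Role names are MongoDB built-ins; treating this set as "high privilege" is an assumption.
const HIGH_PRIVILEGE = new Set([
  'root', '__system', 'dbOwner', 'userAdmin', 'userAdminAnyDatabase',
  'dbAdminAnyDatabase', 'readWriteAnyDatabase', 'clusterAdmin',
]);

function auditUsers(result) {
  // The legacy mongo shell returns an array; mongosh wraps it as { users: [...] }.
  const users = Array.isArray(result) ? result : result.users;
  const findings = [];
  for (const u of users) {
    const who = `${u.db}.${u.user}`;
    for (const { role, db } of u.roles || []) {
      if (HIGH_PRIVILEGE.has(role)) {
        // e.g. userAdminAnyDatabase can grant any role, root included (step 2 above).
        findings.push({ user: who, role, db, issue: 'high-privilege role' });
      } else if (db !== u.db) {
        // A role scoped to a database other than the one the user is defined in.
        findings.push({ user: who, role, db, issue: 'role on another database' });
      }
    }
  }
  return findings;
}

// Constructed sample shaped like db.getUsers() output, mirroring the users on this page.
const SAMPLE_USERS = [
  { user: 'root', db: 'admin', roles: [{ role: 'root', db: 'admin' }] },
  { user: 'userAdmin', db: 'admin',
    roles: [{ role: 'userAdminAnyDatabase', db: 'admin' }] },
  { user: 'lison', db: 'lison',
    roles: [{ role: 'readWriteAnyDatabase', db: 'admin' }, { role: 'read', db: 'lison' }] },
  { user: 'lison1', db: 'lison', roles: [{ role: 'read', db: 'lison' }] },
  { user: 'accountUser01', db: 'products',
    roles: [{ role: 'readWrite', db: 'products' }, { role: 'read', db: 'stock' }] },
];

for (const f of auditUsers(SAMPLE_USERS)) {
  console.log(`${f.user}: ${f.role}@${f.db} (${f.issue})`);
}
```

In the shell, the same function can be called as auditUsers(db.getUsers()) after switching to each database; a flagged grant that is not needed can be removed with db.revokeRolesFromUser().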

Official documentation links: 1. User management: https://docs.mongodb.com/master/reference/method/#user-management
2. Role management: https://docs.mongodb.com/master/core/security-built-in-roles/
Some notes: [two images, not preserved]


Reposted from blog.csdn.net/shidebin/article/details/83147224