After MongoDB is installed, there are two startup methods:
>mongod
This is the default startup method without auth authorization verification enabled, or
>mongod --auth
This is using auth authority authentication. In this mode, auth verification must be done before each library is operated, and the test db is entered first by default, so once verification is enabled, it must be ensured that the test has added verification. The following is a brief process of creating a user.
Start MongoDB with auth authentication turned off, create a user with grant permissions, that is, account management,
> use admin switched to db admin > db.createUser( ... { ... user: "dba", ... pwd: "dba", ... roles: [ { role: "userAdminAnyDatabase", db: "admin" } ] ... } ... ) Successfully added user: { "user" : "dba", "roles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" } ] }
In this way, the user ("dba", "dba") is created, it is stored in the admin, and the role is userAdminAnyDatabase (user-level database management authority), which can be used to manage other user accounts in the future. The roles of MongoDB are summarized here.
Built-In Roles | specific roles |
1. Database user roles: read, readWrite; 2. Database management roles: dbAdmin, dbOwner, userAdmin; 3. Cluster management roles: clusterAdmin, clusterManager, clusterMonitor, hostManager; 4. Backup and recovery roles: backup, restore; 5. All databases Roles: readAnyDatabase, readWriteAnyDatabase, userAdminAnyDatabase, dbAdminAnyDatabase 6. Super user role: root // There are several roles that indirectly or directly provide system super user access (dbOwner, userAdmin, userAdminAnyDatabase) 7. Internal role: __system |
Read: Allows the user to read the specified database readWrite: Allows the user to read and write the specified database dbAdmin: Allows the user to perform administrative functions in the specified database, such as index creation, deletion, viewing statistics or accessing system.profile userAdmin: Allows the user to the system.users collection For writing, you can create, delete, and manage the user clusterAdmin in the specified database: only available in the admin database, giving the user administrative rights to all shard and replication set-related functions. readAnyDatabase: only available in the admin database, giving the user read permission for all databases readWriteAnyDatabase: only available in the admin database, giving the user read and write permissions for all databases userAdminAnyDatabase: only available in the admin database, giving the user userAdmin permissions for all databases dbAdminAnyDatabase : Only available in the admin database, giving the user dbAdmin privileges on all databases. root: Only available in the admin database. super account, super authority |
So, first look at the changes
> show dbs admin 0.000GB local 0.000GB test 0.000GB young 0.006GB > use admin switched to db admin > show collections system.users system.version
It can be clearly seen that there are more admins in the database. Looking at the collection in admin, we can find that our newly created users are all saved in the collection system.users, and we can view the newly created commands through the command:
> db.system.users.find({user:"dba"}).pretty(); { "_id" : "admin.dba", "user" : "dba", "db" : "admin", "credentials" : { "SCRAM-SHA-1" : { "iterationCount" : 10000, "salt" : "bFBofkgvlS9/DEfuYBYFBA==", "storedKey" : "QAwo9n5KQ/ewyu/RJiJX8fk5LqY=", "serverKey" : "HUqkLsGk1g9NAfoheoQBuauwRo8=" } }, "roles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" } ] }
Next, we create a user test with readWrite permission for test respectively:
> db.createUser( ... ... { ... ... user: "test", ... ... pwd: "test", ... ... roles: [ { role: "readWrite", db: "test" } ] ... ... }); Successfully added user: { "user" : "test", "roles" : [ { "role" : "readWrite", "db" : "test" } ] }
, create a user run with readWrite permission for the young library:
> db.createUser( ... ... { ... ... user: "run", ... ... pwd: "run", ... ... roles: [ { role: "readWrite", db: "young" } ] ... ... }) Successfully added user: { "user" : "run", "roles" : [ { "role" : "readWrite", "db" : "young" } ] }
> db.createUser( ... ... { ... ... user: "run", ... ... pwd: "run", ... ... roles: [ { role: "readWrite", db: "young" } ] ... ... }) Successfully added user: { "user" : "run", "roles" : [ { "role" : "readWrite", "db" : "young" } ]
This basic user is created, and finally let's take a look at all the users just now:
> db.system.users.find({},{_id:0,credentials:0}).pretty(); { "user" : "dba", "db" : "admin", "roles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" } ] } { "user" : "run", "db" : "young", "roles" : [ { "role" : "readWrite", "db" : "young" } ] } { "user" : "test", "db" : "test", "roles" : [ { "role" : "readWrite", "db" : "test" } ] }
At this point, the creation of user permissions is complete. Start MongoDB with auth authentication enabled (mongod --auth), and do some basic operations:
localhost:~ yfangjun$ mongo MongoDB shell version: 3.2.3 connecting to: test > db.auth("test","test"); 1 > use admin switched to db admin > db.auth("dba","dba"); 1 > show dbs; admin 0.000GB local 0.000GB test 0.000GB young 0.006GB > use young; switched to db young > db.auth("run","run"); 1 > show collections; app143897298787642 restaurants > db.restaurants.find({},{_id:0,"address.coord":1}).limit(1); { "address" : { "coord" : [ -73.961704, 40.662942 ] } }