A default MongoDB installation can be accessed without an account or password. To protect the data, authenticated login must be enabled.
Table of contents
One: Create a super user
Two: Create a database management user
Three: Restart the database
Four: Login and enable authentication
Attachment: MongoDB permission type
One: Create a super user
use admin;
db.createUser({user: 'admin', pwd: 'admin', roles: [{role: 'root', db: 'admin'}]});
// In the "admin" database, create the user "admin", set its password to "admin", and grant it the super user role
Note: the super user role (root) has the highest administrative authority and can manage all databases.
Two: Create a database management user
In MongoDB, different databases can each contain a user with the same name. For example, the databases "test1" and "test2" can both have a "test" user, and each of the two users manages its own database. Each database is the "authentication database" of its user (when a client or tool connects, the login user's authentication database must be supplied to tell the two users apart).
> use test1
switched to db test1
> db.createUser({user: "test", pwd: "test", roles: [{ role: "dbOwner", db: "test1" }]})
// In database "test1", create the user test, set the password test, and assign the role dbOwner (can perform any operation in the current DB)
> use test2
switched to db test2
> db.createUser({user: "test", pwd: "test", roles: [{ role: "dbOwner", db: "test2" }]})
// In database "test2", create the user test, set the password test, and assign the role dbOwner (can perform any operation in the current DB)
Three: Restart the database
[root@test~]# systemctl restart mongodb
Four: Login and enable authentication
[root@test~]# mongo
> use admin
switched to db admin
> db.auth("admin", "admin")
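// First switch to the target database with the use command, then authenticate with db.auth(); otherwise you have no permission to operate on the database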
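The restart in step Three only enforces the users created above if mongod starts with access control turned on (`security.authorization: enabled` in its YAML config file, or the `--auth` flag). The shell check below is an added example, not part of the original article, that tests a config file for that setting before restarting. The function names and sample configs are constructed for illustration, and the real config path (commonly /etc/mongod.conf) is an assumption to adjust for your install.

```shell
#!/bin/sh
# Added example, not from the original page. Handles the YAML config format only.

# Exit 0 if "authorization: enabled" sits under the top-level "security:" key.
auth_enabled() {
    awk '
        /^[ \t]*#/ { next }                          # ignore comment lines
        /^[^ \t]/  { in_sec = ($0 ~ /^security:/) }  # each top-level key opens a new section
        in_sec && /^[ \t]+authorization:[ \t]*"?enabled"?[ \t]*(#.*)?$/ { found = 1 }
        END { exit !found }
    ' "$1"
}

# Constructed sample configs: a default-style file with the security section
# commented out, and the same file with access control switched on.
write_samples() {
    cat > "$1/default.conf" <<'EOF'
net:
  port: 27017
  bindIp: 127.0.0.1
#security:
EOF
    cat > "$1/hardened.conf" <<'EOF'
net:
  port: 27017
  bindIp: 127.0.0.1
security:
  authorization: enabled
EOF
}

# Print a one-line verdict; a non-zero status means a restart would leave
# the server reachable without credentials.
check_conf() {
    if auth_enabled "$1"; then
        echo "$1: access control enabled"
    else
        echo "$1: access control NOT enabled"
        return 1
    fi
}

tmp=$(mktemp -d)
write_samples "$tmp"
check_conf "$tmp/default.conf" || true
check_conf "$tmp/hardened.conf"
rm -rf "$tmp"
```

Run `check_conf` against the live config file before `systemctl restart`; if it reports NOT enabled, `db.auth()` will still succeed but unauthenticated clients are not rejected.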
Attachment: MongoDB permission type
| Role category | Role identifier and description |
|---|---|
| Database user roles (Database User Roles) | read: grants the user permission to read data only; readWrite: grants the user permission to read and write data |
| Database administration roles (Database Administration Roles) | dbAdmin: perform management operations in the current DB; dbOwner: perform arbitrary operations in the current DB; userAdmin: manage users in the current DB |
| Backup and restore roles (Backup and Restoration Roles) | backup; restore |
| Cross-database roles (All-Database Roles) | readAnyDatabase: grants permission to read data on all databases; readWriteAnyDatabase: grants permission to read and write data on all databases; userAdminAnyDatabase: grants permission to manage users on all databases; dbAdminAnyDatabase: grants permission to manage all databases |
| Cluster administration roles (Cluster Administration Roles) | clusterAdmin: grants the highest authority to manage the cluster; clusterManager: grants the authority to manage and monitor the cluster; clusterMonitor: grants the authority to monitor the cluster, with read-only access to the monitoring tools; hostManager: manage the server |
| Superuser role (Super User) | root: grants the highest administrative authority over the database |