Notes -mongodb- users and roles

1. Users

MongoDB supports several authentication mechanisms; this article covers only the simplest and most common one.

1.1. Authentication Database

When adding a user, you create the user in a specific database. This database is the authentication database for the user.

A user can have privileges across different databases; that is, a user’s privileges are not limited to their authentication database. By assigning to the user roles in other databases, a user created in one database can have permissions to act on other databases. For more information on roles, see Role-Based Access Control.

The user’s name and authentication database serve as a unique identifier for that user. That is, if two users have the same name but are created in different databases, they are two separate users. If you intend to have a single user with permissions on multiple databases, create a single user with roles in the applicable databases instead of creating the user multiple times in different databases.

1. A MongoDB user belongs to a database; a user is identified as username@database, and users with the same name in different databases are different users;

2. A user's permissions can span databases; this depends on the roles assigned to the user;

1.2. Authenticate a User

There are two ways to authenticate a user:

  1. The mongo shell command line (supply the credentials when connecting)
  2. The db.auth() method

1.3. Create a User

Create a user with the db.createUser() method:

use reporting
db.createUser(
  {
    user: "reportsUser",
    pwd: "12345678",
    roles: [
       { role: "read", db: "reporting" },
       { role: "read", db: "products" },
       { role: "read", db: "sales" },
       { role: "readWrite", db: "accounts" }
    ]
  }
)

role names the role to grant; the following section lists the common roles.

db names the database the role applies to.

1.4. Enable Authentication

There are two ways:

  1. Command line: start mongod with the --auth option
  2. Configuration file: add auth = true (the exact setting differs between versions and configuration-file formats)

2. Roles

MongoDB ships with a number of built-in roles, and custom roles can also be created, much as in other databases.

2.1. Database User Roles

Every database includes the following roles; these two are the most common:

read: Provides the ability to read data on all non-system collections and on the following system collections: system.indexes, system.js, and system.namespaces. For the specific privileges granted by the role, see read.

readWrite: Provides all the privileges of the read role and the ability to modify data on all non-system collections and the system.js collection. For the specific privileges granted by the role, see readWrite.

2.2. Database Administration Roles

Every database includes the following database administration roles:

dbAdmin: Provides the ability to perform administrative tasks such as schema-related tasks, indexing, and gathering statistics. This role does not grant privileges for user and role management. For the specific privileges granted by the role, see dbAdmin.

dbOwner: Provides the ability to perform any administrative action on the database. This role combines the privileges granted by the readWrite, dbAdmin, and userAdmin roles.

userAdmin: Provides the ability to create and modify roles and users on the current database. Since the userAdmin role allows users to grant any privilege to any user, including themselves, the role also indirectly provides superuser access to either the database or, if scoped to the admin database, the cluster. For the specific privileges granted by the role, see userAdmin.

2.3. All-Database Roles

Changed in version 3.4.

These roles in the admin database apply to all but the local and config databases in a mongod instance:

readAnyDatabase
readWriteAnyDatabase
userAdminAnyDatabase
dbAdminAnyDatabase

(Descriptions omitted; each is the all-database counterpart of read, readWrite, userAdmin, and dbAdmin.)

There is also a superuser role called root, which combines the four roles above.

2.4. Collection-Level Access Control

When defining a role, the privileges attribute lets you grant access at the collection level:

privileges: [
  { resource: { db: "products", collection: "inventory" }, actions: [ "find", "update", "insert" ] },
  { resource: { db: "products", collection: "orders" },  actions: [ "find" ] }
]

Creating a role:

use admin
db.createRole(
   {
     role: "manageOpRole",
     privileges: [
       { resource: { cluster: true }, actions: [ "killop", "inprog" ] },
       { resource: { db: "", collection: "" }, actions: [ "killCursors" ] }
     ],
     roles: []
   }
)
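As an added example (not part of the original notes and not MongoDB's own code), the following Node.js script models how MongoDB resolves a user's role assignments into effective privileges, so that a user like the one created in section 1.3 or a custom role like the ones in section 2.4 can be audited offline for over-broad grants. The reduced built-in role table, the inventoryEditor role name, and the sample users are constructed assumptions.

```javascript
// Added example, not MongoDB's code: an offline model of how role assignments become
// effective privileges. Built-in roles are reduced to a few representative actions.
const BUILTIN = {
  read:      { privileges: [{ collection: '', actions: ['find'] }], roles: [] },
  readWrite: { privileges: [{ collection: '', actions: ['insert', 'update', 'remove'] }], roles: ['read'] },
  dbAdmin:   { privileges: [{ collection: '', actions: ['createIndex', 'collStats'] }], roles: [] },
  userAdmin: { privileges: [{ collection: '', actions: ['createUser', 'grantRole'] }], roles: [] },
  dbOwner:   { privileges: [], roles: ['readWrite', 'dbAdmin', 'userAdmin'] }, // pure union
};
// User-defined roles (keyed "db.role") carry explicit resources: manageOpRole is the
// definition from section 2.4; inventoryEditor (constructed name) wraps its privileges list.
const CUSTOM = {
  'admin.manageOpRole': { roles: [], privileges: [
    { resource: { cluster: true }, actions: ['killop', 'inprog'] },
    { resource: { db: '', collection: '' }, actions: ['killCursors'] } ] },
  'admin.inventoryEditor': { roles: [], privileges: [
    { resource: { db: 'products', collection: 'inventory' }, actions: ['find', 'update', 'insert'] },
    { resource: { db: 'products', collection: 'orders' }, actions: ['find'] } ] },
};
// Expand one { role, db } assignment into privileges, following inherited roles.
function expandRole({ role, db }, seen = new Set()) {
  const key = `${db}.${role}`;
  if (seen.has(key)) return [];                       // guard against inheritance cycles
  seen.add(key);
  if (CUSTOM[key]) return CUSTOM[key].privileges.concat(...CUSTOM[key].roles.map(r => expandRole(r, seen)));
  const def = BUILTIN[role];
  if (!def) throw new Error(`unknown role ${key}`);
  // A built-in role granted on database X covers only X; inherited roles keep that scope.
  const own = def.privileges.map(p => ({ resource: { db, collection: p.collection }, actions: p.actions }));
  return own.concat(...def.roles.map(r => expandRole({ role: r, db }, seen)));
}
// MongoDB resource matching: '' means "any database" / "any non-system collection".
function resourceMatches(res, target) {
  if (res.cluster || target.cluster) return Boolean(res.cluster && target.cluster);
  const dbOk = res.db === '' || res.db === target.db;
  const collOk = res.collection === target.collection ||
    (res.collection === '' && !target.collection.startsWith('system.'));
  return dbOk && collOk;
}
// True if any of the user's roles grants `action` on `target`.
function canPerform(user, action, target) {
  return user.roles.some(a => expandRole(a).some(p =>
    p.actions.includes(action) && resourceMatches(p.resource, target)));
}

// Constructed users: reportsUser is the one created in section 1.3.
const reportsUser = { roles: [{ role: 'read', db: 'reporting' }, { role: 'read', db: 'products' },
  { role: 'read', db: 'sales' }, { role: 'readWrite', db: 'accounts' }] };
const opsUser = { roles: [{ role: 'manageOpRole', db: 'admin' }] };
const accountsOwner = { roles: [{ role: 'dbOwner', db: 'accounts' }] };
```

Running canPerform over every user and a list of sensitive actions (grantRole, createUser, killCursors) is a quick way to spot who can escalate, which is exactly the userAdmin caveat from section 2.2.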


Origin www.cnblogs.com/wodeboke-y/p/10992064.html