MongoDB access control

Built-in roles (reference: https://docs.mongodb.com/manual/reference/built-in-roles):

read: read-only access to the given database
readWrite: read and write access to the given database
dbAdmin: database administration on the given database, such as creating and dropping indexes, viewing statistics and reading system.profile; it does not include user or role management
userAdmin: create, drop and modify users and roles on the given database; because a userAdmin can grant any role on that database, including to itself, it amounts to full control of that database (and of the whole deployment when held on admin)
clusterAdmin: assignable only in the admin database; all sharding and replica-set administration privileges
readAnyDatabase: assignable only in the admin database; read on every database except local and config
readWriteAnyDatabase: assignable only in the admin database; readWrite on every database except local and config
userAdminAnyDatabase: assignable only in the admin database; userAdmin on every database. Its holder can grant any role to any user, including themselves, so treat it as superuser access
dbAdminAnyDatabase: assignable only in the admin database; dbAdmin on every database
root: assignable only in the admin database; the superuser role

All users are stored in the system.users collection of the admin database. MongoDB ships with access control disabled, so a fresh install accepts any connection without credentials and anyone who can reach the port can read and write every database. Create the users first, then enable authorization, as in the steps below.

1. Create the administrative user adminUser in the admin database and the ordinary user herrywen in the herrywen database. A user belongs to the database it is created in; that database is its authentication database and is what --authenticationDatabase (or db.auth() after a use) must name later.

mongo --port 27017
use admin
db.createUser(
{
user: "adminUser",
pwd: "adminPass",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
}
)

use herrywen
db.createUser(
{
user: "herrywen",
pwd: "herrywen",
roles: [ { role: "readWrite", db: "herrywen" },
{ role: "read", db: "admin" } ]
}
)

2. On 192.168.255.134, add the following to the mongod configuration file to turn authorization on (the file is YAML, so authorization must be indented under security)

cat /etc/mongod.conf
security:
  authorization: enabled

3. Restart the mongod service
systemctl restart mongod

4. Check that you can log in as adminUser, authenticating against the admin database

[root@worker1 ~]# mongo --host 192.168.255.134 --port 27017 -u adminUser -p adminPass --authenticationDatabase "admin"
MongoDB shell version v4.2.1
connecting to: mongodb://192.168.255.134:27017/?authSource=admin&compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("f5114890-0b2e-43a2-8a60-a8b265e68a44") }
MongoDB server version: 4.2.1
MongoDB Enterprise > use admin;
switched to db admin
MongoDB Enterprise > show collections;
system.users
system.version
MongoDB Enterprise > exit
bye

5. If you connect without credentials, switching to the admin database still works, but listing its collections fails with a warning because listCollections now requires authorization. Authenticate inside the session with db.auth() instead.

[root@worker1 ~]# mongo --host 192.168.255.134 --port 27017
MongoDB shell version v4.2.1
connecting to: mongodb://192.168.255.134:27017/?compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("9bcb1b37-7cfa-4aff-8947-6d633eee01be") }
MongoDB server version: 4.2.1
MongoDB Enterprise > use admin
switched to db admin
MongoDB Enterprise > show collections;
Warning: unable to run listCollections, attempting to approximate collection names by parsing connectionStatus
MongoDB Enterprise > show collections;
Warning: unable to run listCollections, attempting to approximate collection names by parsing connectionStatus
MongoDB Enterprise > db.auth("adminUser","adminPass")
1
MongoDB Enterprise > show collections;
system.users
system.version

6. Log in directly as herrywen against the herrywen database and write to it

[root@worker1 ~]# mongo --host 192.168.255.134 --port 27017 -u herrywen -p herrywen --authenticationDatabase "herrywen"
MongoDB shell version v4.2.1
connecting to: mongodb://192.168.255.134:27017/?authSource=herrywen&compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("9d906997-681a-43b4-b541-dbe5d197cd1f") }
MongoDB server version: 4.2.1
MongoDB Enterprise > use herrywen
switched to db herrywen
MongoDB Enterprise > show collections;
MongoDB Enterprise > db.test3.insert({title: 'MongoDB',
... description: 'hello,world',
... by: 'herrywen',
... url: 'http://www.51cto.com',
... tags: ['mongodb', 'database', 'NoSQL'],
... likes: 100})
WriteResult({ "nInserted" : 1 })
MongoDB Enterprise > show collections;

7. Grant adminUser read and write access to the herrywen database. This is run as adminUser itself: userAdminAnyDatabase lets it grant any role to any user, including itself, which is why that role should be treated as root. Note the database name is admin in lower case; database names are case-sensitive.
use admin
db.grantRolesToUser("adminUser", [{ role: "readWrite", db: "herrywen" }])
db.system.users.find().pretty()

8. Grant herrywen readWrite on the herrywen1 database and read on the admin database. Run this as a user allowed to grant roles on those databases (adminUser here); the herrywen user document lives in the herrywen database, so switch there first.
use herrywen
db.grantRolesToUser("herrywen", [{ role: "readWrite", db: "herrywen1" }, { role: "read", db: "admin" }])

To list the users defined in the current database together with their roles:

show users

9. Revoke herrywen's read role on the admin database and readWrite role on the herrywen1 database (still in the herrywen database)
db.revokeRolesFromUser(
"herrywen",
[
{ role: "read", db: "admin" },
{ role: "readWrite", db: "herrywen1" }
]
)

10. To see herrywen's current roles, switch to the herrywen database and run show users; db.getUser("herrywen") returns the same document but is more to type. After step 9 only readWrite on herrywen remains, so the read on admin granted in step 1 is gone too. The mechanisms field lists which SCRAM verifiers (salted, iterated hashes) are stored for the user; the plaintext password is never stored.

MongoDB Enterprise > show users
{
        "_id" : "herrywen.herrywen",
        "userId" : UUID("68fc696d-9825-43b6-9afb-d4a040b480a3"),
        "user" : "herrywen",
        "db" : "herrywen",
        "roles" : [
                {
                        "role" : "readWrite",
                        "db" : "herrywen"
                }
        ],
        "mechanisms" : [
                "SCRAM-SHA-1",
                "SCRAM-SHA-256"
        ]
}

11. Change herrywen's password (run in the herrywen database, where the user is defined)
db.changeUserPassword("herrywen", "herrywen-2")

12. Drop the herrywen user (also from the herrywen database)
db.dropUser("herrywen")
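The steps above create and reshape users by hand. The check below is an added example, not code from the original post: it applies the role semantics from the table at the top to user documents of the shape that show users and db.system.users.find() return, flagging superuser-equivalent roles (root, the AnyDatabase roles, clusterAdmin), privilege-managing roles (userAdmin, dbOwner), application users holding any role on admin, and users with no SCRAM-SHA-256 verifier; it also checks a mongod.conf text for the security.authorization setting from step 2. It is plain JavaScript: under Node it runs on the constructed SAMPLE_USERS (which mirror the state after step 1, plus a hypothetical user named app) and two constructed config snippets; pasted into the mongo shell as a user that may read admin.system.users, it audits the live server instead. The user app, the sample documents, the config snippets and the severity labels are assumptions of the example.

```javascript
// Added example, not part of the original post: least-privilege audit of
// MongoDB user documents, based on the built-in role semantics above.
// Plain JavaScript: under Node it runs on the constructed SAMPLE_USERS;
// in the mongo shell it reads admin.system.users from the live server.

// Roles defined only in the admin database that amount to control of the
// whole deployment. userAdminAnyDatabase is listed deliberately: its holder
// can grant themselves any role, including root (step 7 above shows it
// granting itself readWrite on another database).
const SUPERUSER_EQUIVALENT = new Set([
  "root", "userAdminAnyDatabase", "dbAdminAnyDatabase",
  "readWriteAnyDatabase", "readAnyDatabase", "clusterAdmin",
]);

// Per-database roles whose holder can grant roles on that database.
const PRIVILEGE_MANAGING = new Set(["userAdmin", "dbOwner"]);

// Audit user documents shaped like admin.system.users / show users output.
// Returns one finding {user, severity, reason} per issue; severity is
// "high", "medium" or "low". An empty array means nothing was flagged.
function auditUsers(users) {
  const findings = [];
  for (const u of users) {
    const id = u.user + "@" + u.db;
    for (const r of u.roles || []) {
      if (SUPERUSER_EQUIVALENT.has(r.role)) {
        findings.push({ user: id, severity: "high",
          reason: "holds " + r.role + "@" + r.db + ", which is superuser-equivalent" });
      } else if (PRIVILEGE_MANAGING.has(r.role)) {
        findings.push({ user: id, severity: "medium",
          reason: "holds " + r.role + "@" + r.db + " and can grant roles on " + r.db });
      } else if (r.db === "admin" && u.db !== "admin") {
        findings.push({ user: id, severity: "low",
          reason: "application user holds " + r.role + "@admin; it should need no role on the admin database" });
      }
    }
    // A user whose stored verifiers lack SCRAM-SHA-256 can only authenticate
    // with the weaker SCRAM-SHA-1.
    const mechs = u.mechanisms || [];
    if (mechs.length > 0 && !mechs.includes("SCRAM-SHA-256")) {
      findings.push({ user: id, severity: "low",
        reason: "only " + mechs.join(",") + " stored; no SCRAM-SHA-256 verifier" });
    }
  }
  return findings;
}

// Check a mongod.conf (YAML) text for "security: / authorization: enabled".
// Comment lines are ignored, so a "#security:" stub left commented out does
// not count. This is a line scanner for the two-line form used in step 2,
// not a YAML parser.
function authorizationEnabled(confText) {
  let inSecurity = false;
  for (const raw of confText.split("\n")) {
    const line = raw.replace(/\s+#.*$/, "").replace(/\s+$/, "");
    if (line === "" || line.startsWith("#")) continue;
    if (!/^\s/.test(line)) {            // unindented line starts a new top-level key
      inSecurity = /^security:\s*$/.test(line);
      continue;
    }
    if (inSecurity && /^\s+authorization:\s*enabled$/.test(line)) return true;
  }
  return false;
}

// Constructed sample (an assumption of this example): the state after step 1
// of the post, plus a hypothetical application user "app" with only SCRAM-SHA-1.
const SAMPLE_USERS = [
  { _id: "admin.adminUser", user: "adminUser", db: "admin",
    roles: [{ role: "userAdminAnyDatabase", db: "admin" }],
    mechanisms: ["SCRAM-SHA-1", "SCRAM-SHA-256"] },
  { _id: "herrywen.herrywen", user: "herrywen", db: "herrywen",
    roles: [{ role: "readWrite", db: "herrywen" }, { role: "read", db: "admin" }],
    mechanisms: ["SCRAM-SHA-1", "SCRAM-SHA-256"] },
  { _id: "app.app", user: "app", db: "app",
    roles: [{ role: "readWrite", db: "app" }],
    mechanisms: ["SCRAM-SHA-1"] },
];
// Constructed config snippets: authorization still off, and the step 2 fix.
const CONF_DEFAULT = "# mongod.conf\n#security:\n";
const CONF_HARDENED = "net:\n  port: 27017\nsecurity:\n  authorization: enabled\n";

// Live against the server when run in the mongo shell, else on the sample.
const out = typeof print === "function" ? print : console.log;
const usersToAudit = typeof db !== "undefined"
  ? db.getSiblingDB("admin").system.users.find().toArray()
  : SAMPLE_USERS;
for (const f of auditUsers(usersToAudit)) out("[" + f.severity + "] " + f.user + ": " + f.reason);
out("authorization enabled (default conf): " + authorizationEnabled(CONF_DEFAULT));
out("authorization enabled (hardened conf): " + authorizationEnabled(CONF_HARDENED));
```

On the sample this reports adminUser as high (userAdminAnyDatabase), herrywen as low (read on admin, the role that step 9 later revokes) and app as low (SCRAM-SHA-1 only); the default config is reported as not enabling authorization and the hardened one as enabling it.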


Source: https://blog.51cto.com/9237101/2453451