MongoDB用戶及權(quán)限管理之角色說明的示例分析

這篇文章給大家分享的是有關(guān)MongoDB用戶及權(quán)限管理之角色說明的示例分析的內(nèi)容。小編覺得挺實用的，因此分享給大家做個參考，一起跟隨小編過來看看吧。

成都創(chuàng)新互聯(lián)公司專注為客戶提供全方位的互聯(lián)網(wǎng)綜合服務，包含不限于成都網(wǎng)站制作、成都做網(wǎng)站、外貿(mào)營銷網(wǎng)站建設(shè)、克拉瑪依區(qū)網(wǎng)絡(luò)推廣、重慶小程序開發(fā)、克拉瑪依區(qū)網(wǎng)絡(luò)營銷、克拉瑪依區(qū)企業(yè)策劃、克拉瑪依區(qū)品牌公關(guān)、搜索引擎seo、人物專訪、企業(yè)宣傳片、企業(yè)代運營等，從售前售中售后，我們都將竭誠為您服務，您的肯定，是我們最大的嘉獎；成都創(chuàng)新互聯(lián)公司為所有大學生創(chuàng)業(yè)者提供克拉瑪依區(qū)建站搭建服務，24小時服務熱線：13518219792，官方網(wǎng)址：muchs.cn

mongodb安裝完后默認是不開啟auth模塊的，普通用戶和超級管理員均不通過認證就可操作。當然裸奔有風險，安全起見還是開啟auth模塊。

首先需要了解下面幾點：

1、mongodb是沒有默認管理員賬號，所以要先添加管理員賬號，然后開啟權(quán)限認證。

2、切換到admin數(shù)據(jù)庫，添加的賬號才是管理員賬號。

3、用戶只能在用戶所在數(shù)據(jù)庫登錄，包括管理員賬號。

4、管理員可以管理所有數(shù)據(jù)庫，但是不能直接管理其他數(shù)據(jù)庫，要先在admin數(shù)據(jù)庫認證后才可以。這一點比較怪。

1.用戶權(quán)限角色說明

1.1  Database User Roles

• read

允許用戶讀取指定數(shù)據(jù)庫

Provides the ability to read data on allnon-system collections and on the following system collections: system.indexes,system.js, and system.namespaces collections.

擁有如下權(quán)限：

aggregate,checkShardingIndex,cloneCollectionAsCapped,collStats count,dataSize,dbHash,dbStats,distinct,filemd5 geoNear,geoSearch,geoWalk,group mapReduce (inline output only.),text (beta  feature.)

• readWrite

允許用戶讀寫指定數(shù)據(jù)庫

Provides all the privileges of the readrole and the ability to modify data on all non-system collections and thesystem.js collection.

除了具有read權(quán)限，還擁有以下權(quán)限：

cloneCollection (as the target  database.),convertToCapped create (and to create collections implicitly.) drop(),dropIndexes,emptycapped,ensureIndex() findAndModify,mapReduce (output to a collection.) renameCollection (within the same database.) read和readWrite只要就是對庫中表的操作權(quán)限

1.2 Database Administration Roles

• dbAdmin

允許用戶在指定數(shù)據(jù)庫中執(zhí)行管理函數(shù)，如索引創(chuàng)建、刪除，查看統(tǒng)計或訪問system.profile

Provides the ability to performadministrative tasks such as schema-related tasks, indexing, gatheringstatistics. This role does not grant privileges for user and role management.

擁有如下權(quán)限：

clean,collMod,collStats,compact,convertToCapped create,db.createCollection(),dbStats,drop(),dropIndexes,ensureIndex() indexStats,profile,reIndex,renameCollection  (within a single database.),validate

• dbOwner

Provides the ability to perform anyadministrative action on the database. This role combines the privilegesgranted by the readWrite, dbAdmin and userAdmin roles.

• userAdmin

允許用戶向system.users集合寫入，可以找指定數(shù)據(jù)庫里創(chuàng)建、刪除和管理用戶

Provides the ability to create and modifyroles and users on the current database. Since the userAdmin role allows usersto grant any privilege to any user, including themselves, the role alsoindirectly provides superuser access to either the database or, if scoped tothe admin database, the cluster.

1.3 Cluster Administration Roles

• clusterAdmin

只在admin數(shù)據(jù)庫中可用，賦予用戶所有分片和復制集相關(guān)函數(shù)的管理權(quán)限。

Provides the greatest cluster-managementaccess. This role combines the privileges granted by the clusterManager,clusterMonitor, and hostManager roles. Additionally, the role provides thedropDatabase action.

擁有如下權(quán)限：

addShard,closeAllDatabases,connPoolStats,connPoolSync,_cpuProfilerStart _cpuProfilerStop,cursorInfo,diagLogging,dropDatabase enableSharding,flushRouterConfig,fsync,db.fsyncUnlock() getCmdLineOpts,getLog,getParameter,getShardMap,getShardVersion hostInfo,db.currentOp(),db.killOp(),listDatabases,listShards logRotate,moveChunk,movePrimary,netstat,removeShard,unsetSharding repairDatabase,replSetFreeze,replSetGetStatus,replSetInitiate replSetMaintenance,replSetReconfig,replSetStepDown,replSetSyncFrom resync,serverStatus,setParameter,setShardVersion,shardCollection shardingState,shutdown,splitChunk,splitVector,split,top,touch

• clusterManager

Provides management and monitoring actionson the cluster. A user with this role can access the config and localdatabases, which are used in sharding and replication, respectively.

• clusterMonitor

Provides read-only access to monitoringtools, such as the MongoDB Cloud Manager and Ops Manager monitoring agent.

• hostManager

Provides the ability to monitor and manageservers.

1.4 Backup and Restoration Roles

• backup

Provides privileges needed to back up data.This role provides sufficient privileges to use the MongoDB Cloud Managerbackup agent, Ops Manager backup agent, or to use mongodump.

• restore

Provides privileges needed to restore datawith mongorestore without the --oplogReplay option or without system.profilecollection data.

1.5 All-Database Roles

• readAnyDatabase

只在admin數(shù)據(jù)庫中可用，賦予用戶所有數(shù)據(jù)庫的讀權(quán)限

Provides the same read-only permissions asread, except it applies to all but the local and config databases in thecluster. The role also provides the listDatabases action on the cluster as awhole.

• readWriteAnyDatabase

只在admin數(shù)據(jù)庫中可用，賦予用戶所有數(shù)據(jù)庫的讀寫權(quán)限

Provides the same read and writepermissions as readWrite, except it applies to all but the local and configdatabases in the cluster. The role also provides the listDatabases action onthe cluster as a whole.

• userAdminAnyDatabase

只在admin數(shù)據(jù)庫中可用，賦予用戶所有數(shù)據(jù)庫的userAdmin權(quán)限

Provides the same access to useradministration operations as userAdmin, except it applies to all but the localand config databases in the cluster.

Since the userAdminAnyDatabase role allowsusers to grant any privilege to any user, including themselves, the role alsoindirectly provides superuser access.

• dbAdminAnyDatabase

只在admin數(shù)據(jù)庫中可用，賦予用戶所有數(shù)據(jù)庫的dbAdmin權(quán)限。

Provides the same access to databaseadministration operations as dbAdmin, except it applies to all but the localand config databases in the cluster. The role also provides the listDatabasesaction on the cluster as a whole.

1.6 Superuser Roles

• root

只在admin數(shù)據(jù)庫中可用。超級賬號，超級權(quán)限

Provides access to the operations and allthe resources of the readWriteAnyDatabase, dbAdminAnyDatabase,userAdminAnyDatabase, clusterAdmin, restore, and backup combined.

感謝各位的閱讀！關(guān)于“MongoDB用戶及權(quán)限管理之角色說明的示例分析”這篇文章就分享到這里了，希望以上內(nèi)容可以對大家有一定的幫助，讓大家可以學到更多知識，如果覺得文章不錯，可以把它分享出去讓更多的人看到吧！

名稱欄目：MongoDB用戶及權(quán)限管理之角色說明的示例分析
標題鏈接：http://muchs.cn/article12/ihcjdc.html

成都網(wǎng)站建設(shè)公司_創(chuàng)新互聯(lián)，為您提供自適應網(wǎng)站、小程序開發(fā)、電子商務、網(wǎng)站內(nèi)鏈、做網(wǎng)站、建站公司

廣告

聲明：本網(wǎng)站發(fā)布的內(nèi)容（圖片、視頻和文字）以用戶投稿、用戶轉(zhuǎn)載內(nèi)容為主，如果涉及侵權(quán)請盡快告知，我們將會在第一時間刪除。文章觀點不代表本網(wǎng)站立場，如需處理請聯(lián)系客服。電話：028-86922220；郵箱：631063699@qq.com。內(nèi)容未經(jīng)允許不得轉(zhuǎn)載，或轉(zhuǎn)載時需注明來源： 創(chuàng)新互聯(lián)