內(nèi)建角色,具體參考:https://docs.mongodb.com/manual/reference/built-in-roles
成都創(chuàng)新互聯(lián)公司一直通過(guò)網(wǎng)站建設(shè)和網(wǎng)站營(yíng)銷(xiāo)幫助企業(yè)獲得更多客戶資源。 以"深度挖掘,量身打造,注重實(shí)效"的一站式服務(wù),以成都網(wǎng)站建設(shè)、成都做網(wǎng)站、移動(dòng)互聯(lián)產(chǎn)品、成都營(yíng)銷(xiāo)網(wǎng)站建設(shè)服務(wù)為核心業(yè)務(wù)。10多年網(wǎng)站制作的經(jīng)驗(yàn),使用新網(wǎng)站建設(shè)技術(shù),全新開(kāi)發(fā)出的標(biāo)準(zhǔn)網(wǎng)站,不但價(jià)格便宜而且實(shí)用、靈活,特別適合中小公司網(wǎng)站制作。網(wǎng)站管理系統(tǒng)簡(jiǎn)單易用,維護(hù)方便,您可以完全操作網(wǎng)站資料,是中小公司快速網(wǎng)站建設(shè)的選擇。Read:允許用戶讀取指定數(shù)據(jù)庫(kù)
readWrite:允許用戶讀寫(xiě)指定數(shù)據(jù)庫(kù)
dbAdmin:允許用戶在指定數(shù)據(jù)庫(kù)中執(zhí)行管理函數(shù),如索引創(chuàng)建、刪除,查看統(tǒng)計(jì)或訪問(wèn)system.profile
userAdmin:允許用戶向system.users集合寫(xiě)入,可以找指定數(shù)據(jù)庫(kù)里創(chuàng)建、刪除和管理用戶
clusterAdmin:只在admin數(shù)據(jù)庫(kù)中可用,賦予用戶所有分片和復(fù)制集相關(guān)函數(shù)的管理權(quán)限。
readAnyDatabase:只在admin數(shù)據(jù)庫(kù)中可用,賦予用戶所有數(shù)據(jù)庫(kù)的讀權(quán)限
readWriteAnyDatabase:只在admin數(shù)據(jù)庫(kù)中可用,賦予用戶所有數(shù)據(jù)庫(kù)的讀寫(xiě)權(quán)限
userAdminAnyDatabase:只在admin數(shù)據(jù)庫(kù)中可用,賦予用戶所有數(shù)據(jù)庫(kù)的userAdmin權(quán)限
dbAdminAnyDatabase:只在admin數(shù)據(jù)庫(kù)中可用,賦予用戶所有數(shù)據(jù)庫(kù)的dbAdmin權(quán)限。
root:只在admin數(shù)據(jù)庫(kù)中可用。超級(jí)賬號(hào),超級(jí)權(quán)限
用戶文件在admin庫(kù)下的system.users表里,默認(rèn)MongoDB沒(méi)有訪問(wèn)密碼,不太安全
1.添加數(shù)據(jù)庫(kù)管理員用戶adminUser和普通用戶herrywen
mongo --port 27017
use admin
db.createUser(
{
user: "adminUser",
pwd: "adminPass",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
}
)
use herrywen
db.createUser(
{
user: "herrywen",
pwd: "herrywen",
roles: [ { role: "readWrite", db: "herrywen" },
{ role: "read", db: "admin" } ]
}
)
2.在192.168.255.134增加配置文件,開(kāi)啟驗(yàn)證
cat /etc/mongod.conf
security:
authorization: enabled
3.重啟mongdb服務(wù)systemctl restart mongdb
4.測(cè)試看下是否可以訪問(wèn)了
[root@worker1 ~]# mongo --host 192.168.255.134 --port 27017 -u adminUser -p adminPass --authenticationDatabase "admin"
MongoDB shell version v4.2.1
connecting to: mongodb://192.168.255.134:27017/?authSource=admin&compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("f5114890-0b2e-43a2-8a60-a8b265e68a44") }
MongoDB server version: 4.2.1
MongoDB Enterprise > use admin;
switched to db admin
MongoDB Enterprise > show collections;
system.users
system.version
MongoDB Enterprise > exit
bye
5.如果直接登陸,在切換admin庫(kù)時(shí),提示沒(méi)有任何權(quán)限。需要使用db.auth()進(jìn)行驗(yàn)證
[root@worker1 ~]# mongo --host 192.168.255.134 --port 27017
MongoDB shell version v4.2.1
connecting to: mongodb://192.168.255.134:27017/?compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("9bcb1b37-7cfa-4aff-8947-6d633eee01be") }
MongoDB server version: 4.2.1
MongoDB Enterprise > use admin
switched to db admin
MongoDB Enterprise > show collections;
Warning: unable to run listCollections, attempting to approximate collection names by parsing connectionStatus
MongoDB Enterprise > show collections;
Warning: unable to run listCollections, attempting to approximate collection names by parsing connectionStatus
MongoDB Enterprise > db.auth("adminUser","adminPass")
1
MongoDB Enterprise > show collections;
system.users
system.version
6.直接登陸herrywen庫(kù)
[root@worker1 ~]# mongo --host 192.168.255.134 --port 27017 -u herrywen -p herrywen --authenticationDatabase "herrywen"
MongoDB shell version v4.2.1
connecting to: mongodb://192.168.255.134:27017/?authSource=herrywen&compressors=disabled&gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("9d906997-681a-43b4-b541-dbe5d197cd1f") }
MongoDB server version: 4.2.1
MongoDB Enterprise > use herrywen
switched to db herrywen
MongoDB Enterprise > show collections;
MongoDB Enterprise > db.test3.insert({title: 'MongoDB',
... description: 'hello,world',
... by: 'herrywen',
... url: 'http://www.51cto.com',
... tags: ['mongodb', 'database', 'NoSQL'],
... likes: 100})
WriteResult({ "nInserted" : 1 })
MongoDB Enterprise > show collections;
7.給adminUser用戶增加對(duì)herrywen庫(kù)的讀寫(xiě)權(quán)限
use admin
db.grantRolesToUser( "adminUser", [ { role: "readWrite", db: "herrywen" } ] )
db.system.users.find().pretty();
8.給herrywen用戶增加herrywen1庫(kù)的讀寫(xiě)權(quán)限和admin數(shù)據(jù)庫(kù)的讀權(quán)限
use herrywen
db.grantRolesToUser( "herrywen", [ { role: "readWrite", db: "herrywen1" } ,{ role: "read", db: "admin" } ] )
9.撤銷(xiāo)herrywen對(duì)herrywen1庫(kù)的讀寫(xiě)權(quán)限和admin數(shù)據(jù)庫(kù)的讀權(quán)限
db.revokeRolesFromUser(
"herrywen",
[
{
"role" : "read",
"db" : "admin"
},
{
"role" : "readWrite",
"db" : "herrywen1"
}
]
)
10.查看當(dāng)前herrywen用戶的權(quán)限,也可以切換heryrwen數(shù)據(jù)庫(kù)下,使用db.getUser('herrywen')查看,但是比較麻煩,可以直接使用show users
MongoDB Enterprise > show users
{
"_id" : "herrywen.herrywen",
"userId" : UUID("68fc696d-9825-43b6-9afb-d4a040b480a3"),
"user" : "herrywen",
"db" : "herrywen",
"roles" : [
{
"role" : "readWrite",
"db" : "herrywen"
}
],
"mechanisms" : [
"SCRAM-SHA-1",
"SCRAM-SHA-256"
]
}
11.修改herrywen用戶的密碼db.changeUserPassword("herrywen","herrywen-2")
12.刪除herrywen用戶db.dropUser("herrywen")
另外有需要云服務(wù)器可以了解下創(chuàng)新互聯(lián)cdcxhl.cn,海內(nèi)外云服務(wù)器15元起步,三天無(wú)理由+7*72小時(shí)售后在線,公司持有idc許可證,提供“云服務(wù)器、裸金屬服務(wù)器、高防服務(wù)器、香港服務(wù)器、美國(guó)服務(wù)器、虛擬主機(jī)、免備案服務(wù)器”等云主機(jī)租用服務(wù)以及企業(yè)上云的綜合解決方案,具有“安全穩(wěn)定、簡(jiǎn)單易用、服務(wù)可用性高、性價(jià)比高”等特點(diǎn)與優(yōu)勢(shì),專(zhuān)為企業(yè)上云打造定制,能夠滿足用戶豐富、多元化的應(yīng)用場(chǎng)景需求。
當(dāng)前名稱(chēng):mongodb的訪問(wèn)控制-創(chuàng)新互聯(lián)
本文地址:http://muchs.cn/article44/dpcsee.html
成都網(wǎng)站建設(shè)公司_創(chuàng)新互聯(lián),為您提供網(wǎng)站內(nèi)鏈、微信公眾號(hào)、微信小程序、全網(wǎng)營(yíng)銷(xiāo)推廣、移動(dòng)網(wǎng)站建設(shè)、App設(shè)計(jì)
聲明:本網(wǎng)站發(fā)布的內(nèi)容(圖片、視頻和文字)以用戶投稿、用戶轉(zhuǎn)載內(nèi)容為主,如果涉及侵權(quán)請(qǐng)盡快告知,我們將會(huì)在第一時(shí)間刪除。文章觀點(diǎn)不代表本網(wǎng)站立場(chǎng),如需處理請(qǐng)聯(lián)系客服。電話:028-86922220;郵箱:631063699@qq.com。內(nèi)容未經(jīng)允許不得轉(zhuǎn)載,或轉(zhuǎn)載時(shí)需注明來(lái)源: 創(chuàng)新互聯(lián)
猜你還喜歡下面的內(nèi)容