MongoDB User Rights Management configuration

Source: Internet
Author: User
Environment

MongoDB 3.4
Windows 7

MongoDB Common Commands

[root@snails ~]# ps -ef | grep mongod
[root@snails ~]# mongo --host=127.0.0.1 --port=27017
MongoDB shell version: 3.2.7
connecting to: 127.0.0.1:27017/test

> show dbs  # List the databases
> show collections  # List the collections in the current database (similar to tables in a relational database)
> show users  # List the users
> use <db name>  # Switch the current database; the database is created if it does not exist
> db.help()  # Show the database operation commands (there are many)
> db.foo.help()  # Show the collection operation commands (also many); foo stands for a collection named foo in the current database, it is not a real command
> db.foo.find()  # Query the foo collection in the current database (all data is listed because no condition is given)
> db.foo.find({a: 1})  # Query the foo collection in the current database for documents that have a property a with the value 1

MongoDB does not have a command to create a database, but the effect can be achieved another way. For example, to create a "myTest" database, run the use myTest command and then perform an operation (such as db.createCollection('user')); this creates a database called "myTest".

Other Commands

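> db.dropDatabase()  # Drop the database currently in use
> db.cloneDatabase("127.0.0.1")  # Clone the data of the database on the specified machine into the current database
> db.copyDatabase("mydb", "temp", "127.0.0.1")  # Copy the data of mydb on this machine into the temp database
> db.repairDatabase()  # Repair the current database
> db.getName()  # Show the database currently in use, or simply type db
> db.stats()  # Show the status of the current db
> db.version()  # Show the current db version
> db.getMongo()  # Show the address of the machine the current db is connected to
> db.serverStatus()  # Show the status of the database server

Demand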

After installation, MongoDB by default does not require a user name and password to log in, but for security reasons we usually want to set a user name and password for the database. This article describes how to add administrator and ordinary users in MongoDB.

User permission settings, summed up in four points from articles online: MongoDB does not have a default administrator account, so you need to add an administrator account and then turn on permission authentication. Switch to the admin database; an account added there is an administrator account. A user can only log in through the user's own database, and this includes the administrator account. Administrators can manage all databases, but cannot manage other databases directly; they must first authenticate in the admin database.

Create an Administrator account

In the admin database, add a user with the userAdminAnyDatabase role.
For example, the following creates the user myUserAdmin in the admin database.

Note: The database where you create the user (in this example, admin) is the user's authentication database. Although the user authenticates to this database, the user can have roles in other databases; i.e. the user's authentication database does not limit the user's privileges.

On Windows, start cmd as Administrator and connect to MongoDB.
Connection command:

D:\Program Files\mongodb\server\3.4\bin>mongo.exe

Command to create the user:

use admin
db.createUser(
  {
    user: "myUserAdmin",
    pwd: "abc123",
    roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
  }
)
# Result
Successfully added user: {
    "user" : "admin",
    "roles" : [
        {
            "role" : "userAdminAnyDatabase",
            "db" : "admin"
        }
    ]
}

Execute the following commands to see the result:

> show users
> db.system.users.find()

Turn on permission validation

On Windows:
D:\Program Files\mongodb\server\3.4\mongod.cfg
I created this configuration file manually. For MongoDB configuration, refer to:
Installation and configuration of MongoDB 3.4

Add the following to the configuration file:

security:
    authorization: enabled

The complete configuration:

systemLog:
    destination: file
    path: d:\mongodbdata\log\mongod.log
    logAppend: true
storage:
    journal:
        enabled: true
    dbPath: d:\mongodbdata\db
net:
    bindIp: 127.0.0.1
    port: 27017
security:
    authorization: enabled
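
A check for the configuration above, as an added example that is not part of the original page: it reads the nested "key: value" layout of mongod.cfg and reports whether authorization is enabled and whether bindIp stays on loopback. The function names, the finding labels and the weakened sample are assumptions made for this illustration.

```javascript
// Minimal reader for the nested "key: value" subset of YAML that mongod.cfg uses.
// Not a general YAML parser; it rejects lines such as "authorization:enabled".
function readConfig(text) {
  const root = {};
  const stack = [{ indent: -1, node: root }];
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.replace(/\s+#.*$/, "");
    if (!line.trim() || line.trim().startsWith("#")) continue;
    const m = /^(\s*)([A-Za-z]+):(?:\s+(.*))?$/.exec(line);
    if (!m) throw new Error("not a 'key: value' line: " + raw.trim());
    while (stack[stack.length - 1].indent >= m[1].length) stack.pop();
    const parent = stack[stack.length - 1].node;
    if (m[3]) {
      parent[m[2]] = m[3].trim();
    } else {
      parent[m[2]] = {};
      stack.push({ indent: m[1].length, node: parent[m[2]] });
    }
  }
  return root;
}

// Report the two settings this page depends on: authorization and bindIp.
function checkConfig(text) {
  const cfg = readConfig(text);
  const findings = [];
  if ((cfg.security || {}).authorization !== "enabled") findings.push("auth-disabled");
  const bind = String((cfg.net || {}).bindIp || "");
  const loopback = new Set(["127.0.0.1", "localhost", "::1"]);
  if (bind.split(",").some((a) => a.trim() && !loopback.has(a.trim()))) {
    findings.push("non-loopback-bind");
  }
  return findings;
}

// Constructed inputs: an excerpt of the page's configuration and a weakened variant.
const hardened = [
  "storage:",
  "    journal:",
  "        enabled: true",
  "    dbPath: d:\\mongodbdata\\db",
  "net:",
  "    bindIp: 127.0.0.1",
  "    port: 27017",
  "security:",
  "    authorization: enabled",
].join("\n");
const weak = "net:\n    bindIp: 0.0.0.0\n    port: 27017\n";

console.log(checkConfig(hardened), checkConfig(weak));
```

A line written without the space after the colon, such as authorization:enabled, is rejected by readConfig instead of being silently treated as "authorization off".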

Linux:

[root@snails ~]# echo "auth = true" >> /root/mongodb/bin/mongodb.conf
[root@snails ~]# systemctl restart systemd-mongodb

After that, restart the mongod instance, that is, restart the MongoDB service.

Verify that permissions are in effect

D:\Program Files\mongodb\server\3.4\bin>mongo.exe
MongoDB shell version v3.4.1
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 3.4.1
> use admin
switched to db admin
> db.auth('myUserAdmin', 'abc123')
1
> show dbs
admin  0.000GB
local  0.000GB

Add a regular user

Once authenticated as the user administrator, use db.createUser() to create additional users. You can assign any built-in roles or user-defined roles to the users.

The myUserAdmin user only has privileges to manage users and roles. As myUserAdmin, if you attempt to perform any other operations, such as reading from a foo collection in the test database, MongoDB returns an error.

Note: The database where you create the user (in this example, test) is that user's authentication database. Although the user authenticates to this database, the user can have roles in other databases; i.e. the user's authentication database does not limit the user's privileges.

To create a normal user:

> use test
> db.createUser(
... {
...   user: "test1",
...   pwd: "test1",
...   roles: [ { role: "readWrite", db: "test" } ]
... }
... )
Successfully added user: {
        "user" : "test1",
        "roles" : [
                {
                        "role" : "readWrite",
                        "db" : "test"
                }
        ]
}
> exit
bye

D:\Program Files\mongodb\server\3.4\bin>mongo.exe
MongoDB shell version v3.4.1
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 3.4.1

> use test
switched to db test
> db.auth('test1', 'test1')
1

Create a superuser root

Execute in cmd on Windows:

use admin
db.createUser(
  {
    user: "root",
    pwd: "root",
    roles: [ { role: "root", db: "admin" } ]
  }
);

MongoDB Database Roles

Built-in roles:
Database user roles: read, readWrite
Database management roles: dbAdmin, dbOwner, userAdmin
Cluster management roles: clusterAdmin, clusterManager, clusterMonitor, hostManager
Backup and recovery roles: backup, restore
All-database roles: readAnyDatabase, readWriteAnyDatabase, userAdminAnyDatabase, dbAdminAnyDatabase
Superuser role: root. Several other roles also provide superuser access to the system, directly or indirectly (dbOwner, userAdmin, userAdminAnyDatabase).
Internal role: __system

Role descriptions:
read: Allows the user to read the specified database
readWrite: Allows the user to read and write the specified database
dbAdmin: Allows the user to perform administrative functions in the specified database, such as creating and dropping indexes, viewing statistics, or accessing system.profile
userAdmin: Allows the user to write to the system.users collection, and to create, delete, and manage users in the specified database
clusterAdmin: Available only in the admin database; gives the user administrative privileges on all shard and replica set related functions
readAnyDatabase: Available only in the admin database; gives the user read access to all databases
readWriteAnyDatabase: Available only in the admin database; gives the user read and write access to all databases
userAdminAnyDatabase: Available only in the admin database; gives the user userAdmin permissions on all databases
dbAdminAnyDatabase: Available only in the admin database; gives the user dbAdmin permissions on all databases
root: Available only in the admin database. Super account with super privileges
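
The role rules above, applied to user documents shaped like the output of db.system.users.find(), as an added example that is not part of the original page: it flags superuser-capable grants and roles held outside the user's authentication database. It goes slightly beyond the list above by treating dbOwner and userAdmin as superuser-capable only when scoped to admin, which is how MongoDB documents them; the user "report", the database "sales" and the finding labels are constructed for the illustration.

```javascript
// Roles that give superuser access wherever they are granted.
const ALWAYS_SUPER = new Set(["root", "userAdminAnyDatabase"]);
// Roles that give superuser access only when scoped to the admin database.
const SUPER_ON_ADMIN = new Set(["dbOwner", "userAdmin"]);

function auditUser(u) {
  const findings = [];
  for (const r of u.roles) {
    const grant = `${r.role}@${r.db}`;
    if (ALWAYS_SUPER.has(r.role) || (SUPER_ON_ADMIN.has(r.role) && r.db === "admin")) {
      findings.push({ user: u.user, grant, issue: "superuser-capable" });
    } else if (SUPER_ON_ADMIN.has(r.role)) {
      findings.push({ user: u.user, grant, issue: "can-manage-users-in-db" });
    }
    // The authentication database does not limit privileges: flag roles elsewhere.
    if (r.db !== u.db) {
      findings.push({ user: u.user, grant, issue: "role-outside-auth-db" });
    }
  }
  return findings;
}

function auditUsers(users) {
  return users.flatMap(auditUser);
}

// Constructed sample: the three users this page creates plus one hypothetical user.
const sampleUsers = [
  { user: "myUserAdmin", db: "admin", roles: [{ role: "userAdminAnyDatabase", db: "admin" }] },
  { user: "test1", db: "test", roles: [{ role: "readWrite", db: "test" }] },
  { user: "root", db: "admin", roles: [{ role: "root", db: "admin" }] },
  { user: "report", db: "test", roles: [{ role: "read", db: "sales" }, { role: "userAdmin", db: "test" }] },
];

for (const f of auditUsers(sampleUsers)) {
  console.log(`${f.user}: ${f.issue} (${f.grant})`);
}
```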

Website Reference Address:
Http://docs.mongoing.com/manual-zh/tutorial/enable-authentication.html

How to configure user Rights Management for MongoDB 3.2.7

MongoDB Learning notes-rights Management
