MongoDB 3.0 Create User

Source: Internet
Author: User
Tags dba

MongoDB 3.0 security and access control: adding users in version 3.0 and later differs considerably from earlier versions. This is the 3.0 method of adding users.

Create the first user (this user needs grant permission, that is, authorization rights for account management)

1. Start the database without authentication (no --auth):

    $ mongod --dbpath=/mongodb/data --logpath=/mongodb/log/trace.log --logappend --port=27017 --fork
    $ mongo
    MongoDB shell version: 3.2.4
    connecting to: test
    > show dbs
    local  0.000GB      // only the local database exists for now; the admin database does not exist yet
    >

2. Create the user:

    > use admin         // accounts belong to a database: a user created in a given database must also be authenticated (auth) in that database
    switched to db admin
    > db.createUser(
    ...   {
    ...     user: "dba",
    ...     pwd: "dba",
    ...     roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
    ...   }
    ... );
    >

user: the username
pwd: the password
roles: the user's roles. An empty array creates the new user with no roles. The roles field accepts both built-in roles and user-defined roles.

Built-in roles that can be used in role:

   1. Database user roles: read, readWrite
   2. Database administration roles: dbAdmin, dbOwner, userAdmin
   3. Cluster administration roles: clusterAdmin, clusterManager, clusterMonitor, hostManager
   4. Backup and restore roles: backup, restore
   5. All-database roles: readAnyDatabase, readWriteAnyDatabase, userAdminAnyDatabase, dbAdminAnyDatabase
   6. Superuser role: root
   7. Internal role: __system
    

  

The first user, "dba", now exists with the userAdminAnyDatabase role. This role can create and delete users.

Start the database with auth mode turned on

    $ mongod --dbpath=/mongodb/data --logpath=/mongodb/log/trace.log --logappend --auth --port=27017 --fork
    $ mongo
    MongoDB shell version: 3.2.4
    connecting to: test
    > use admin               // the account was added under admin, so authenticate (connect) against admin
    switched to db admin
    > show dbs;
    2016-03-27T10:44:27.039-0400 E QUERY    [thread1] Error: listDatabases failed:{
            "ok" : 0,
            "errmsg" : "not authorized on admin to execute command { listDatabases: 1.0 }",
            "code" :
    > db.auth('dba', 'dba');   // equivalent to entering the username/password to authenticate (connect)
    1
    > show dbs;
    admin  0.000GB
    local  0.000GB
    >

Create two test users

    > use admin
    > db.auth('dba', 'dba');
    > use test                // switch to the test database; both users are created under test
    switched to db test
    > db.createUser(
    ...   {
    ...     user: "polestar",
    ...     pwd: "polestar",
    ...     roles: [ { role: "read", db: "test" } ]
    ...   }
    ... )
    > db.createUser(
    ...   {
    ...     user: "polestar_rw",
    ...     pwd: "polestar",
    ...     roles: [ { role: "readWrite", db: "test" } ]
    ...   }
    ... );
    >
    > show users;             // the test database has only these two users
    { "_id" : "test.polestar", "user" : "polestar", "db" : "test", "roles" : [ { "role" : "read", "db" : "test" } ] }
    { "_id" : "test.polestar_rw", "user" : "polestar_rw", "db" : "test", "roles" : [ { "role" : "readWrite", "db" : "test" } ] }
    >
    > use admin;              // the admin database has only one user
    switched to db admin
    > show users;
    { "_id" : "admin.dba", "user" : "dba", "db" : "admin", "roles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" } ] }
    >

  

Is there a super-privileged user, one that can not only grant permissions but also operate on any collection? The answer is yes, but it is not recommended: set the user's role to root.

Create a super-privileged user

    > use admin;
    switched to db admin
    > db.auth('dba', 'dba')
    1
    > db.createUser(
    ...   {
    ...     user: "root",
    ...     pwd: "root",
    ...     roles: [ { role: "root", db: "admin" } ]
    ...   }
    ... )
    >
    > db.auth('root', 'root')

So far each account was created in the same database that it is authorized for. What happens if the account is not created in the database its role applies to?

    > use admin
    switched to db admin
    > db.createUser(
    ...   {
    ...     user: "mgdb",
    ...     pwd: "mgdb",
    ...     roles: [ { role: "readWrite", db: "test" } ]    // create an account for the test database under the admin database
    ...   }
    ... )
    >
    > show users;
    { "_id" : "admin.dba", "user" : "dba", "db" : "admin", "roles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" } ] }
    { "_id" : "admin.root", "user" : "root", "db" : "admin", "roles" : [ { "role" : "root", "db" : "admin" } ] }
    { "_id" : "admin.mgdb", "user" : "mgdb", "db" : "admin", "roles" : [ { "role" : "readWrite", "db" : "test" } ] }
    >
    > use test
    switched to db test
    > db.auth('mgdb', 'mgdb');
    Error: Authentication failed.     // an account created under admin cannot be authenticated directly in another database
    0
    > use admin               // it can only authenticate in the database where the account was created, then switch to other databases to operate
    switched to db admin
    > db.auth('mgdb', 'mgdb');
    1
    > use test
    switched to db test
    > db.abc.insert({"A": 1111, "B": 2222})
    WriteResult({ "nInserted" : 1 })
    >
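An added example, not part of the original article: a Node.js script that audits user documents shaped like the `show users` output above, flagging superuser and grant-capable roles and working out which database each user must authenticate against. The sample documents are constructed from the users created on this page; the function names and the `localhost:27017` host are assumptions.

```javascript
// Constructed sample data, mirroring the `show users` output on this page.
const users = [
  { _id: "admin.dba", user: "dba", db: "admin",
    roles: [{ role: "userAdminAnyDatabase", db: "admin" }] },
  { _id: "admin.root", user: "root", db: "admin",
    roles: [{ role: "root", db: "admin" }] },
  { _id: "admin.mgdb", user: "mgdb", db: "admin",
    roles: [{ role: "readWrite", db: "test" }] },
  { _id: "test.polestar", user: "polestar", db: "test",
    roles: [{ role: "read", db: "test" }] },
];

// Built-in roles that give full control, or that allow granting roles
// (including to oneself), so they deserve review in any audit.
const SUPERUSER = new Set(["root", "__system"]);
const CAN_GRANT = new Set(["userAdmin", "userAdminAnyDatabase", "dbOwner"]);

// Hypothetical helper: list the review findings for one user document.
function auditUser(u) {
  const findings = [];
  for (const r of u.roles) {
    if (SUPERUSER.has(r.role)) findings.push(`superuser role ${r.role}`);
    else if (CAN_GRANT.has(r.role)) findings.push(`can grant roles via ${r.role}@${r.db}`);
    if (r.db !== u.db) findings.push(`role ${r.role}@${r.db} differs from auth db ${u.db}`);
  }
  return findings;
}

// The authentication database is the one the user was created in (u.db),
// not the database the role applies to. When they differ, the standard
// authSource connection-string option must name the creation database.
function connectionUri(u, host, targetDb) {
  const uri = `mongodb://${encodeURIComponent(u.user)}@${host}/${targetDb}`;
  return u.db === targetDb ? uri : `${uri}?authSource=${u.db}`;
}

// Hypothetical helper: keep only users that have at least one finding.
function auditAll(list) {
  return list
    .map((u) => ({ id: u._id, findings: auditUser(u) }))
    .filter((x) => x.findings.length > 0);
}

console.log(JSON.stringify(auditAll(users), null, 2));
console.log(connectionUri(users[2], "localhost:27017", "test"));
```

The mgdb account is reported because its role targets test while it authenticates against admin, which is the case that made `db.auth` fail under `use test` above.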
