MongoDB 3.0+ Security access control

1. Start MongoDB service without access control
sudo service Mongod start

2. Connect to an instance
MONGO--port 27017
Specify additional command-line options to connect the MONGO shell to the deployment MongoDB server, such as--host

3. Created User Administrator
Use admin
Db.createuser (
{
User: "Myuseradmin",
PWD: "abc123",
Roles: [{role: ' Useradminanydatabase ', db: ' admin '}]
}
)

4. Restart the MongoDB instance and enable access control
1. Restart the Mongod instance, if using the configuration file settings, Security.authorization:
Vi/etc/mongod.conf
What to modify:

    security:      authorization: enabled2、注意：keys and values之间一定要加空格, 否则解析会报错    重启服务：    sudo service mongod start

5. User Administrator Authentication
1, to create a connection MONGO shell authorization, specify-u <username>,-P <password>, and the--authenticationdatabase <database>
MONGO--port 27017-u "Myuseradmin"-P "abc123"--authenticationdatabase "admin"

2、mongo shell连接时不认证，使用db.auth()授权    use admin    db.auth("myUserAdmin", "abc123" )

How to add users after--------------------server to turn on authentication--------------------
1. Start the access control of the MongoDB instance
Start the Mongod instance auth command-line option if you use the configuration file settings, Security.authorization.
sudo service Mongod start

2. Connect MongoDB instance via localhost exception
Add the first user, using localhost Exception, to connect a Mongod instance. Running MONGO shell and Mongod instances must come from the same host

3, the same as the creation of user mode

--------------------security access for ordinary users--------------------
1. Start MongoDB
Service Mongod Start

2. Open the MongoDB shell again
1, MONGO--port 27017-u "Myuseradmin"-P "abc123"--authenticationdatabase "admin"

2、mongo    use admin    db.auth("myUserAdmin","abc123")3、show collections:报错    因为用户myUserAdmin只用用户的管理权限

3, create users, users follow the database to go
Create user myuseradmin for myuseradmin in the admin database
Use admin
Db.createuser (
{
User: "Myuseradmin",
PWD: "abc123",
Roles: [{role: ' Useradminanydatabase ', db: ' admin '}]
}
)

4. View the user you just created
Show Users

5. View entire MongoDB users
Use admin
Db.system.users.find ()

Db.system.users.find (). Pretty ()

6, the creation is complete, carries on the verification

Use test
Db.auth (' test1 ', ' test1 ')
1
Show collections
Ypmlist

--------------------Modify Permissions--------------------
1, UpdateUser () method:
1. Example
Db.updateuser (
"<username>",
{
CustomData: {<any information>},
Roles: [
{role: ' <role> ', db: ' <database> '} | "<role>",
...
],
PWD: "<cleartext password>"
},
Writeconcern: {<write concern>}
)

2、参数介绍：       1、username：要更新的用户名。    2、update：替换用户数据的文档，此数据完全取代了用户的相应数据。    3、writeConcern：可选，写操作级别。3、指定要更新的字段和他们的新值：    1、customData：可选。任意信息。    2、roles：可选。授予用户的角色。对角色数组覆盖以前的数组的值更新    3、pwd：可选。用户密码

--------------------Modify Permission Actions--------------------
Instance:

Use admin
Switched to DB admin
Db.auth ("Myuseradmin", "abc123")
1
Use test
Db.updateuser (
"Test1",
{
PWD: "Itcast",
CustomData: {title: "Senior Manager"},
"Roles": [
{
"Role": "ReadWrite",
"DB": "Test"
},
{
"Role": "ReadWrite",
"DB": "Example"
}

   })

--------------------Super User--------------------
Use admin
Db.createuser (
{
User: "Itcast",
PWD: "Itcast",
Roles: [{role: ' Root ', db: ' admin '}]
}
)

2. System Default role:
1. READ: Allows the user to read the specified database

2、readWrite：允许用户读写指定数据库3、dbAdmin：允许用户在指定数据库中执行管理函数，如索引创建、删除，查看统计或访问system.profile4、userAdmin：允许用户向system.users集合写入，可以找指定数据库里创建、删除和管理用户5、clusterAdmin：只在admin数据库中可用，赋予用户所有分片和复制集相关函数的管理权限。6、readAnyDatabase：只在admin数据库中可用，赋予用户所有数据库的读权限7、readWriteAnyDatabase：只在admin数据库中可用，赋予用户所有数据库的读写权限8、userAdminAnyDatabase：只在admin数据库中可用，赋予用户所有数据库的userAdmin权限9、dbAdminAnyDatabase：只在admin数据库中可用，赋予用户所有数据库的dbAdmin权限。10、root：只在admin数据库中可用。超级账号，超级权限

MongoDB 3.0+ Security access control