Now you need to create an account that has grant permission, that is, the permission to manage and authorize other accounts. Note that an account belongs to the database in which it was created, so a user authorized in a given database must also authenticate (auth) against that same database.
1. In the admin database, add the user and grant it a role
use admin;
db.createUser(
  {
    user: "boot_admin",
    pwd: "boot_admin",
    roles:
    [
      {
        role: "readWrite",
        db: "admin"
      }
    ]
  }
);
2. Authenticate in the admin database
use admin;
db.auth('boot_admin', 'boot_admin')
Description
user: The username.
pwd: The password.
roles: Specifies the user's roles. An empty array can be used to give the new user no roles. In the roles field you can specify both built-in roles and user-defined roles. The value of role can be chosen from:
Built-in roles:
1. Database user roles: read, readWrite;
2. Database administration roles: dbAdmin, dbOwner, userAdmin;
3. Cluster administration roles: clusterAdmin, clusterManager, clusterMonitor, hostManager;
4. Backup and restore roles: backup, restore;
5. All-database roles: readAnyDatabase, readWriteAnyDatabase, userAdminAnyDatabase, dbAdminAnyDatabase
6. Superuser role: root
// Several other roles here directly or indirectly provide system superuser access (dbOwner, userAdmin, userAdminAnyDatabase)
7. Internal role: __system
Specific roles:
read: Allows the user to read the specified database.
readWrite: Allows the user to read and write to the specified database.
dbAdmin: Allows the user to perform administrative functions in the specified database, such as creating and dropping indexes, viewing statistics, or accessing system.profile.
userAdmin: Allows the user to write to the system.users collection, so the user can create, delete and manage users in the specified database.
clusterAdmin: Only available in the admin database; gives the user administrative rights over all sharding and replica set related functions.
readAnyDatabase: Only available in the admin database; gives the user read access to all databases.
readWriteAnyDatabase: Only available in the admin database; gives the user read and write access to all databases.
userAdminAnyDatabase: Only available in the admin database; gives the user userAdmin permissions on all databases.
dbAdminAnyDatabase: Only available in the admin database; gives the user dbAdmin permissions on all databases.
root: Only available in the admin database. The super account with super privileges.
Example:
> use admin
switched to db admin
> db.createUser(
...   {
...     user: "dba",
...     pwd: "dba",
...     roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
...   }
... )
Successfully added user: {
    "user" : "dba",
    "roles" : [
        {
            "role" : "userAdminAnyDatabase",
            "db" : "admin"
        }
    ]
}
The user just created has the userAdminAnyDatabase role, which is used to manage users: users can be created and deleted through this role. Verification: the auth parameter needs to be turned on.
mongo --port=27020
MongoDB shell version: 3.0.4
connecting to: 127.0.0.1:27020/test
> show dbs;    #### Not authenticated, so no permissions.
2015-06-29T10:02:16.634-0400 E QUERY    Error: listDatabases failed:{
    "ok" : 0,
    "errmsg" : "not authorized on admin to execute command { listDatabases: 1.0 }",
    "code" : 13
}
    at Error (<anonymous>)
    at Mongo.getDBs (src/mongo/shell/mongo.js:47:15)
    at shellHelper.show (src/mongo/shell/utils.js:630:33)
    at shellHelper (src/mongo/shell/utils.js:524:36)
    at (shellhelp2):1:1 at src/mongo/shell/mongo.js:47
> use admin    # Authenticate: the account was added under admin, so authenticate in admin.
switched to db admin
> db.auth('dba', 'dba')
1
> show dbs;
admin  0.078GB
local  0.078GB
> use test    # Create accounts in the test database
switched to db test
> db.createUser(
...   {
...     user: "zjyr",
...     pwd: "zjyr",
...     roles: [
...       { role: "read", db: "test" }    # read-only account
...     ]
...   }
... )
Successfully added user: {
    "user" : "zjyr",
    "roles" : [
        {
            "role" : "read",
            "db" : "test"
        }
    ]
}
> db.createUser(
...   {
...     user: "zjy",
...     pwd: "zjy",
...     roles: [
...       { role: "readWrite", db: "test" }    # read-write account
...     ]
...   }
... )
Successfully added user: {
    "user" : "zjy",
    "roles" : [
        {
            "role" : "readWrite",    # read-write account
            "db" : "test"
        }
    ]
}
> show users;    # List the users in the current database
{ "_id" : "test.zjyr", "user" : "zjyr", "db" : "test", "roles" : [ { "role" : "read", "db" : "test" } ] }
{ "_id" : "test.zjy", "user" : "zjy", "db" : "test", "roles" : [ { "role" : "readWrite", "db" : "test" } ] }
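The user documents printed by show users can be checked against the role notes earlier on this page. The following is an added example, not code from the original article: the function name auditUsers and the users app_owner and reporter are constructed for illustration, and treating root and __system as superuser-level alongside the three roles the page names is an assumption of this example.

```javascript
// Added example: audit user documents (shape of `show users` output)
// against the role notes on this page.

// Roles that give direct or indirect superuser access. The page names
// dbOwner, userAdmin and userAdminAnyDatabase; root and __system are added here.
const SUPERUSER_PATH = new Set([
  "dbOwner", "userAdmin", "userAdminAnyDatabase", "root", "__system",
]);
// Roles the page describes as only available in the admin database.
const ADMIN_ONLY = new Set([
  "clusterAdmin", "readAnyDatabase", "readWriteAnyDatabase",
  "userAdminAnyDatabase", "dbAdminAnyDatabase", "root",
]);

// dba, zjyr and zjy come from the session above; the last two are constructed.
const SAMPLE_USERS = [
  { _id: "admin.dba", user: "dba", db: "admin", roles: [{ role: "userAdminAnyDatabase", db: "admin" }] },
  { _id: "test.zjyr", user: "zjyr", db: "test", roles: [{ role: "read", db: "test" }] },
  { _id: "test.zjy", user: "zjy", db: "test", roles: [{ role: "readWrite", db: "test" }] },
  { _id: "test.app_owner", user: "app_owner", db: "test", roles: [{ role: "dbOwner", db: "test" }] },
  { _id: "test.reporter", user: "reporter", db: "test", roles: [{ role: "readAnyDatabase", db: "test" }] },
];

// Returns one finding per risky or invalid role grant.
function auditUsers(users) {
  const findings = [];
  for (const u of users) {
    for (const r of (u.roles || [])) {
      if (SUPERUSER_PATH.has(r.role)) {
        // The holder can grant itself (or anyone) further roles.
        findings.push({ id: u._id, issue: "superuser-path", role: r.role, db: r.db });
      }
      if (ADMIN_ONLY.has(r.role) && r.db !== "admin") {
        // The role spec names a database where this role does not exist.
        findings.push({ id: u._id, issue: "admin-only-role-outside-admin", role: r.role, db: r.db });
      }
    }
  }
  return findings;
}

for (const f of auditUsers(SAMPLE_USERS)) {
  console.log(`${f.id}: ${f.issue} (${f.role}@${f.db})`);
}
```

The read-only and read-write accounts from the session produce no findings; the dba account is reported because userAdminAnyDatabase lets its holder manage users on every database.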
Two accounts were created above. Now verify them; as a prerequisite, verification requires a collection.