Apsaradb for MongoDB permission management and apsaradb for mongodb permission management

Apsaradb for MongoDB permission management and apsaradb for mongodb permission management

By default, you do not need to enter the username and password for MongoDB.The customer can log on. But there will be a lot of Warning, such:

So -- for the sake of security, we still need to set the user name and password for it. This document describes how to operate the username and password of MongoDB permission management.

First, we should replace the previous mongo. set auth = true in config to enable permission verification and then start the MongoDB Service (if you do not know how to set it here, please refer to the previous blog post-START MongoDB using Windows Service)

Dbpath = E: \ Program Files \ MongoDB \ data \ dblogpath = E: \ Program Files \ MongoDB \ data \ log \ mongo. logauth = true // set auth = true

After setting auth = true, remember to restart the MongoDB service.

# Open mongo shellC: \ Users \ Abloume> mongo # Add a super management account> use admin # enter the admin table> db. createUser ({user: "Abloume", pwd: "admin123", roles: [{role: "root", db: "admin"}]}) # Check whether the user is successfully created> show users # output the following content to indicate that the user is successfully added {"_ id": "admin. abloume "," user ":" Abloume "," db ":" admin "," roles ": [{" role ":" userAdminAnyDatabase "," db ": "admin"}]}> exit

In this way, a super administrator user Abloume with all permissions is created successfully.

So how can I connect to the database through this user during connection? See

But now you may wonder if I can directly use mongo without adding any parameters? See:

This information indicates that you do not have any permission to operate on it ~

So far, the operations on enabling the authentication permission and creating administrator users for the database are complete.

Finally, let's get to know what permissions MongoDB has:

1. Database User Roles: read and readWrite;

2. database management roles: dbAdmin, dbOwner, and userAdmin;

3. cluster management roles: clusterAdmin, clusterManager, clusterMonitor, and hostManager;

4. backup and recovery roles: backup and restore;

5. All Database roles: readAnyDatabase, readWriteAnyDatabase, userAdminAnyDatabase, and dbAdminAnyDatabase

6. Super User role: root // There are several roles that indirectly or directly provide access to system Super Users (dbOwner, userAdmin, userAdminAnyDatabase)

7. Internal role :__ system

Read: allows users to read specified databases.

ReadWrite: allows users to read and write specified databases.

DbAdmin: allows you to execute management functions in a specified database, such as creating or deleting indexes, viewing statistics, or accessing system. profile.

UserAdmin: allows users to write data to the system. users set. You can create, delete, and manage users in a specified database.

ClusterAdmin: it is only available in the admin database. It grants users the permission to manage all sharding and replica set functions.

ReadAnyDatabase: available only in the admin database. read permission is granted to all databases.

ReadWriteAnyDatabase: available only in the admin database, giving the user the read and write permissions for all databases

UserAdminAnyDatabase: available only in the admin database. Grant the userAdmin permission to all databases of the user.

DbAdminAnyDatabase: only available in the admin database. Grant dbAdmin permissions to all databases.

Root: only available in the admin database. Super account, super permission