[Doc] MongoDB: Create Users and Enable Access Control

Source: Internet
Author: User
Tags: auth, mongodb, mongo shell

Document Link: https://docs.mongodb.com/manual/tutorial/enable-authentication/

Preface

Personally, I feel that the structure of the database's documentation is not very friendly and does not solve the problem. The following is translated according to the original document structure:

The following tutorial demonstrates enabling authentication, using as its setting a standalone mongod instance that uses the default authentication mechanism.

Authentication for replica sets and sharded clusters

Please refer to:

https://docs.mongodb.com/manual/core/security-internal-authentication/

Account Management

Before enabling access control, confirm that the admin database contains an account with the userAdmin or userAdminAnyDatabase role.

An account with this role has the following privileges: create accounts, grant account roles, revoke account roles, and create or modify roles.

You can create an account either before or after you enable access control.

If you enable access control without having created any accounts, MongoDB provides a localhost exception that allows you to create a user administrator account in the admin database. Once the administrator account exists, you must log in with it to add other accounts.
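The check described above can be scripted. The following is an added example, not code from the MongoDB documentation: it classifies an instance before --auth is turned on, including the case where accounts exist but none of them can manage users. The function names (findUserAdmins, preflight) and the sample data are assumptions; the input is assumed to be user documents with user, db and roles fields, the shape the shell's db.getUsers() reports.

```javascript
// Added example: pre-flight check before restarting mongod with --auth.
// Input: user documents of the form { user, db, roles: [{ role, db }] }.
// The sample data further down is constructed for illustration.

const USER_ADMIN_ROLES = ["userAdmin", "userAdminAnyDatabase"];

// Accounts granted a user-administration role on the admin database.
// The role grant, not the account's home database, confers the privilege.
function findUserAdmins(users) {
  return users
    .filter((u) => (u.roles || []).some(
      (r) => r.db === "admin" && USER_ADMIN_ROLES.includes(r.role)))
    .map((u) => `${u.user}@${u.db}`);
}

// Classify the instance:
//   "ok"                  - a user administrator exists; --auth can be enabled
//   "localhost-exception" - no accounts at all; the first account has to be
//                           created through the localhost exception
//   "no-user-admin"       - accounts exist but none can manage users, and the
//                           localhost exception only covers the no-accounts case
function preflight(users) {
  const admins = findUserAdmins(users);
  if (admins.length > 0) return { status: "ok", admins };
  if (users.length === 0) return { status: "localhost-exception", admins };
  return { status: "no-user-admin", admins };
}

// Constructed sample mirroring the two accounts created in this tutorial.
const sampleUsers = [
  { user: "useradmin", db: "admin",
    roles: [{ role: "userAdminAnyDatabase", db: "admin" }] },
  { user: "mytester", db: "test",
    roles: [{ role: "readWrite", db: "test" }, { role: "read", db: "reporting" }] },
];

console.log(preflight(sampleUsers));          // both accounts present
console.log(preflight([]));                   // fresh instance
console.log(preflight(sampleUsers.slice(1))); // only mytester exists
```

A "no-user-admin" result means a user administrator should be created before the restart, since after it no existing account would be able to add one.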

Steps

The following steps demonstrate adding the first user to a MongoDB instance that is running without access control, and then enabling access control.

1. Start MongoDB without access control

    mongod --port 27017 --dbpath /data/db

2. Connect to the instance (local)

    mongo --port 27017

3. Create a user administrator

Create a user with the userAdminAnyDatabase role.

    > use admin
    > db.createUser({
        user: "useradmin",
        pwd: "useradminpwd",
        roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
      })

Exit the mongo shell.

4. Enable access control and restart MongoDB

Restart the mongod instance using the --auth option:

    mongod --auth --port 27017 --dbpath /data/db

After access control is enabled, users need to log in before they can operate. The actions that a user can perform are determined by the roles assigned to the account.

5. Log in with the administrator account

Through the mongo shell, users can:

    • Authenticate when connecting to the instance
    • Connect to the shell first, then authenticate via db.auth()

Connection-time authentication

    mongo --port 27017 -u "useradmin" -p "useradminpwd" --authenticationDatabase "admin"

Post-connect authentication

    mongo --port 27017
    > use admin
    > db.auth("useradmin", "useradminpwd")

6. Create another account

Once you have logged in with the administrator account, you can create additional accounts via db.createUser(). Accounts can be given MongoDB built-in roles, or you can define custom roles.

For MongoDB built-in roles, see: https://docs.mongodb.com/manual/core/security-built-in-roles/

For custom (user-defined) roles, see: https://docs.mongodb.com/manual/core/security-user-defined-roles/

The user administrator account useradmin can only manage accounts and role permissions. If useradmin attempts to perform other operations, such as reading data from the foo collection in the test database, MongoDB returns an error.

Here's how to create an account:

    > use test
    > db.createUser({
        user: "mytester",
        pwd: "xyz123",
        roles: [ { role: "readWrite", db: "test" },
                 { role: "read", db: "reporting" } ]
      })

7. Log in with the mytester account

Connection-time authentication

    mongo --port 27017 -u "mytester" -p "xyz123" --authenticationDatabase "test"

Post-connect authentication

    mongo --port 27017
    > use test
    > db.auth("mytester", "xyz123")

The mytester user inserts data into a collection:

    > db.foo.insert({ x: 1, y: 1 })
