I. Conceptual understanding
1. User concept
A MongoDB user is identified by its user name plus the name of the database it belongs to.
For example:
Log in to mongo on testdb1 and create user testuser
Log in to mongo on testdb2 and create user testuser
The two users created above are distinct: testuser in testdb1 and testuser in testdb2.
2. Role concept
MongoDB uses role-based authorization; each role contains a set of permissions.
MongoDB ships predefined roles, called built-in roles, and custom roles can also be defined.
This section mainly introduces the built-in roles, which fall into the following categories:
Read and write roles: read / readWrite (read or read-write access to a database)
Database administration roles: dbAdmin (administrative permissions on a database)
userAdmin (administration of a database's users, including creating users and managing grants)
dbOwner (the owner of a database, with all permissions on it, combining the readWrite, dbAdmin and userAdmin permissions)
Cluster permissions:
Backup and restore roles: backup, restore
All-database roles: readAnyDatabase
readWriteAnyDatabase
dbAdminAnyDatabase
userAdminAnyDatabase
Superuser role: root
Internal role: __system (not recommended for use)
II. Build the authentication environment and log in with authentication
1. Locate the MongoDB configuration file and set noauth=true
After restarting MongoDB, log in to the admin database and create a super-privileged user
use admin
db.createUser({user: 'root', pwd: 'root', roles: [{"role": "root", "db": "admin"}]});
2. Shut down MongoDB
3. Enable the authentication parameters
Generate a key file and copy it to each node
mkdir /usr/local/mongodb/keyfile
# The byte count is missing from the original command; 756 is the value used in MongoDB's documentation
openssl rand -base64 756 > /usr/local/mongodb/keyfile/key
chmod -R 600 /usr/local/mongodb/keyfile/key
Modify the configuration file on each node
auth = true
keyFile = /usr/local/mongodb/keyfile/key
4. Start MongoDB
5. Log in with authentication
use admin
switched to db admin
db.auth('root', 'root')
1
use hong
switched to db hong
show collections;
liujing
system.users
db.liujing.find();
{"_id": ObjectId("56f255b77fa46acddeb4507b"), "name": "Liujing"}
III. User authorization in detail
1. Create a user and grant roles
Syntax: db.createUser({user: "UserName", pwd: "Password", roles: [{role: "RoleName", db: "Target_dbname"}]})
First switch to the database in which the user will be created, for example test: use test;
Creating a user requires 3 items: user name, password, and role list
For example, to create testuser with the password testpwd under test, with a role list that includes the readWrite and userAdmin roles on the test database:
db.createUser({user: "testuser", pwd: "testpwd", roles: [{role: "readWrite", db: "test"}, {role: "userAdmin", db: "test"}]})
2. Change the password
First switch to the target database: use test
db.changeUserPassword('testuser', 'testpwd');
3. Add a role
First switch to the target database: use test
db.grantRolesToUser("testuser", [{role: "read", db: "admin"}])
4. Revoke a role
First switch to the target database: use test
db.revokeRolesFromUser("testuser", [{role: "read", db: "admin"}])
5. Delete a user
First switch to the target database: use test
db.dropUser("testuser")
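The role categories from section I and the grants from section III can be reviewed with a small audit over user documents. This is an added example, not code from the original article; the function name auditUsers, the issue labels and the sample data are assumptions made for illustration.

```javascript
// Added example: flag broad or unusual role grants in MongoDB user documents.
// Each document has the shape {user, db, roles: [{role, db}]}, as stored in
// admin.system.users. In mongosh it could be fed with:
//   auditUsers(db.getSiblingDB("admin").system.users.find().toArray())
const SUPERUSER = new Set(["root", "__system"]);
const ANY_DB = new Set(["readAnyDatabase", "readWriteAnyDatabase",
                        "dbAdminAnyDatabase", "userAdminAnyDatabase"]);
// userAdmin (and dbOwner, which includes it) can grant roles to any user,
// including the holder, so they deserve the same review as broader roles.
const CAN_GRANT = new Set(["userAdmin", "dbOwner"]);

function auditUsers(users) {
  const findings = [];
  for (const u of users) {
    // A user is identified by database + name, so the same name in two
    // databases is reported as two separate identities.
    const id = `${u.db}.${u.user}`;
    for (const r of u.roles) {
      let issue = null;
      if (SUPERUSER.has(r.role)) issue = "superuser";
      else if (ANY_DB.has(r.role)) issue = "all-databases";
      else if (CAN_GRANT.has(r.role)) issue = "can-grant-roles";
      else if (r.db !== u.db) issue = "cross-database";
      if (issue) findings.push({ user: id, role: r.role, on: r.db, issue });
    }
  }
  return findings;
}

// Constructed sample data mirroring the users created in this article.
const sampleUsers = [
  { user: "root", db: "admin", roles: [{ role: "root", db: "admin" }] },
  { user: "testuser", db: "test", roles: [
    { role: "readWrite", db: "test" },
    { role: "userAdmin", db: "test" },
    { role: "read", db: "admin" } ] },
  { user: "testuser", db: "testdb2", roles: [{ role: "read", db: "testdb2" }] },
];

for (const f of auditUsers(sampleUsers)) {
  console.log(`${f.user}: ${f.role} on ${f.on} -> ${f.issue}`);
}
```

The second testuser, which holds only read on its own database, produces no finding.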
IV. Matters of note
1. If the MongoVUE version is too old, authentication may fail when connecting to MongoDB remotely; upgrade it or switch to another GUI tool
2. For remote connections, the firewall on the MongoDB server must be opened for MongoDB, otherwise the connection will fail
Reference blog:
http://blog.csdn.net/dbabruce/article/details/50963956
http://blog.51cto.com/wjlking/1792629
MongoDB users, roles, and Rights management