How MongoDB sets permissions (user names and passwords like relational databases)

Source: Internet
Author: User
Tags auth mongodb client mongodb server

By default, MongoDB does not enable authentication, and most projects in the industry that use MongoDB do not set access rights either. This means that anyone who can reach the server and knows the port of the MongoDB server can query and manipulate the contents of the MongoDB database. In some projects, this type of usage can be seen as a security vulnerability.

This article describes how to set up authentication on a single MongoDB server. After setup, a MongoDB client must log in with the correct user name and password before it can operate on the specified database.

First, an introduction to users and permissions in MongoDB. Each database has its own users. The command to create a user is db.createUser() (see the documentation), and a user you create belongs to the database you are currently in.

Each user consists of three elements: a user name, a password, and a list of roles. Here is an example:

{
  user: "Dbuser",
  pwd: "Dbpass",
  roles: ["readWrite", "clusterAdmin"]
}

This example represents a user named Dbuser, which has two roles, readWrite and clusterAdmin, in the current database.

--------------------------------------------------------------------------------------------------------------------------


MongoDB has many built-in roles, but be aware that not every database has the same built-in roles. The admin database contains roles that other databases do not have.

Readers familiar with Oracle know that there are two types of database users: administrators, who manage users, and normal users, who access data. Similarly, when planning user authentication for MongoDB, plan at least two roles: a user administrator and a database user. If you build shards or a master-slave setup, you may also want to plan a database schema administrator role, which is dedicated to adjusting the distributed architecture of the database.

Before creating a user, we first change the way MongoDB is started. By default, MongoDB does not check authentication. We just need to add the --auth parameter to the command that runs MongoDB, for example:

mongod --dbpath ./db1 --port 20000 --auth

How to create a user administrator


A user administrator is the first user to be created. While no users exist, you can create users freely; but once the database has a user, clients that have not logged in have no permission to do anything until they log in with the db.auth(username, password) method.

The role of the user administrator is called userAdminAnyDatabase, and a user with this role can only be created in the admin database. Here is an example:

> use admin
switched to db admin
> db.createUser({user: "root", pwd: "root123", roles: ["userAdminAnyDatabase"]})
Successfully added user: { "user" : "root", "roles" : [ "userAdminAnyDatabase" ] }

This example creates a user administrator named root. After the user is created, we should log in as that user immediately:

> db.auth("root", "root123")
1

The db.auth() method returns 1 to indicate a successful login. Next, we create the accounts needed to access the specified database.

--------------------------------------------------------------------------------------------------------------------------

How to create a database user


First, make sure you have logged in to the admin database as the user administrator. Then use the use command to switch to the target database, and run the db.createUser() command to create the user with the role name "readWrite".

There are two common database user roles, read and readWrite. As the names imply, the former can only read data and cannot modify it, while the latter can both read and modify.
Here is an example:

> use test
switched to db test
> db.createUser({user: "TestUser", pwd: "Testpass", roles: ["readWrite"]})
Successfully added user: { "user" : "TestUser", "roles" : [ "readWrite" ] }
> db.auth("TestUser", "Testpass")
1

This protects the data in MongoDB: clients that have not logged in cannot execute any commands.
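
Once the accounts exist, it is worth checking that they still follow the two-role plan described above. The following is an added example, not part of the original article: it audits a list of user documents for departures from that plan. The function name auditUsers, the users "report" and "ops", the database "sales" and the sample inventory are assumptions made for illustration.

```javascript
// Added example: audit a user inventory against the article's two-role plan.
const ADMIN_ROLE = "userAdminAnyDatabase";          // user administrator role
const DATA_ROLES = new Set(["read", "readWrite"]);  // database user roles

// Constructed sample inventory; "report", "ops" and "sales" are hypothetical.
const SAMPLE_USERS = [
  { user: "root", db: "admin", roles: [{ role: "userAdminAnyDatabase", db: "admin" }] },
  { user: "TestUser", db: "test", roles: [{ role: "readWrite", db: "test" }] },
  { user: "report", db: "test", roles: [{ role: "read", db: "sales" }] },
  { user: "ops", db: "test", roles: [{ role: "dbOwner", db: "test" },
                                     { role: "userAdminAnyDatabase", db: "admin" }] },
];

// Returns a list of findings; an empty list means the inventory follows the plan.
function auditUsers(users) {
  const findings = [];
  let adminsInAdminDb = 0;
  for (const u of users) {
    const id = `${u.db}.${u.user}`;
    // Roles may be plain strings (as passed to createUser) or {role, db} documents.
    const roles = u.roles.map(r => (typeof r === "string" ? { role: r, db: u.db } : r));
    const isUserAdmin = roles.some(r => r.role === ADMIN_ROLE);
    if (isUserAdmin && u.db === "admin") adminsInAdminDb++;
    if (roles.length === 0) findings.push(`${id}: user has no roles`);
    for (const r of roles) {
      if (r.role === ADMIN_ROLE) {
        if (u.db !== "admin") findings.push(`${id}: ${ADMIN_ROLE} held by a user outside admin`);
      } else if (!DATA_ROLES.has(r.role)) {
        findings.push(`${id}: role ${r.role} is outside the plan (read/readWrite only)`);
      } else if (isUserAdmin) {
        findings.push(`${id}: user administrator also holds data role ${r.role} on ${r.db}`);
      } else if (r.db !== u.db) {
        findings.push(`${id}: data role ${r.role} granted on foreign database ${r.db}`);
      }
    }
  }
  if (adminsInAdminDb === 0) findings.push("no user administrator found in admin");
  return findings;
}

console.log(auditUsers(SAMPLE_USERS).join("\n"));
```

The input uses the same fields (user, db, roles) as the user documents that db.getUsers() reports, so a real inventory can be passed in place of the sample.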
