The first thing to know is that a default MongoDB installation has no authentication turned on: anyone who can connect to the server can view the data. You can of course use a firewall to block access, but without firewall protection, exposing the database is very dangerous.
MongoDB security is divided into several aspects, mainly: authentication, role-based access control (authorization), auditing, encryption, and the security of the deployment and its environment (network and system access).
1. About authentication
Log in with user name authentication using this command:
mongo --port 27017 -u manager -p 12345678 --authenticationDatabase admin
Create a system-level admin user and assign it the root role, which can manage all databases and perform any operation:
Note: user data should normally be saved in the admin database for unified management, but it can also be saved in another database. Run use dbname first to switch to the dbname database, then run the command that creates the user; the user data is then saved in the "dbname" database.
use admin
db.createUser({user: "superuser", pwd: "12345678", roles: ["root"]})
Or create an administrator user for a specified database:
use admin
db.createUser({user: "tracking", pwd: "track", roles: [{role: "readWrite", db: "user_data_tracking"}, {role: "dbAdmin", db: "user_data_tracking"}]})
Create a user dedicated to managing users:
use admin
db.createUser({user: "siteUserAdmin", pwd: "password", roles: [{role: "userAdminAnyDatabase", db: "admin"}]})
Differences between userAdminAnyDatabase and userAdmin:
userAdminAnyDatabase provides the same access to user administration operations as userAdmin, except it applies to all databases in the cluster.
use products
db.createUser({user: "recordsUserAdmin", pwd: "password", roles: [{role: "userAdmin", db: "records"}]})
After logging in, you can view a user's privileges with this command:
db.runCommand({usersInfo: "manager", showPrivileges: true})
Assign only read-only permissions:
use reporting
db.createUser({user: "reportsUser", pwd: "12345678", roles: [{role: "read", db: "reporting"}, {role: "read", db: "products"}, {role: "read", db: "sales"}]})
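To review the role assignments above from a defender's side, the following added example (not code from the original page) audits a usersInfo-style reply and flags users whose roles span all databases or allow granting roles. The SAMPLE document, the auditUsers function and the severity levels are assumptions made for illustration; the role names are MongoDB built-in roles.

```javascript
// Added example (not from the original page). SAMPLE is constructed: it has the
// shape of a usersInfo reply and lists the users created in the commands above.
const SAMPLE = { ok: 1, users: [
  { user: "superuser", db: "admin", roles: [{ role: "root", db: "admin" }] },
  { user: "tracking", db: "admin", roles: [
    { role: "readWrite", db: "user_data_tracking" },
    { role: "dbAdmin", db: "user_data_tracking" }] },
  { user: "siteUserAdmin", db: "admin",
    roles: [{ role: "userAdminAnyDatabase", db: "admin" }] },
  { user: "recordsUserAdmin", db: "products",
    roles: [{ role: "userAdmin", db: "records" }] },
  { user: "reportsUser", db: "reporting", roles: [
    { role: "read", db: "reporting" }, { role: "read", db: "products" },
    { role: "read", db: "sales" }] },
] };

// Built-in roles whose scope is every database, not one.
const ALL_DATABASES = new Set(["root", "userAdminAnyDatabase",
  "dbAdminAnyDatabase", "readWriteAnyDatabase", "readAnyDatabase"]);
// Built-in roles that can grant roles to users, including to the holder itself.
const CAN_GRANT = new Set(["userAdmin", "dbOwner"]);

// Returns a list of { id, level, msg } findings (levels are this example's own).
function auditUsers(reply) {
  const findings = [];
  for (const u of reply.users || []) {
    const id = `${u.db}.${u.user}`;
    if (u.db !== "admin") {
      findings.push({ id, level: "info", msg: "user is stored outside admin" });
    }
    for (const r of u.roles || []) {
      if (ALL_DATABASES.has(r.role)) {
        findings.push({ id, level: "high", msg: `${r.role} covers all databases` });
      } else if (CAN_GRANT.has(r.role)) {
        // On the admin database this amounts to superuser access.
        const level = r.db === "admin" ? "high" : "medium";
        findings.push({ id, level, msg: `${r.role} on ${r.db} can grant roles` });
      }
    }
  }
  return findings;
}

for (const f of auditUsers(SAMPLE)) console.log(f.level, f.id, f.msg);
```

Run it with Node.js; on a live server the reply would come from the usersInfo command shown above instead of SAMPLE.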