MongoDB 3.2 User Rights Management configuration

Environment

MongoDB Shell version:3.2.6

Win 7

Set method User Rights settings

• 1. Enter the shell of MongoDB:mongo

• 2. Switch database:use admin

From the 3.0 version, the default local is only the library, no admin library, we need to create ourselves.

• 3. Add user, specify user's role and database:

• Db.createuser (    "admin",      customdata:{description:"Superuser"},    "admin" ,      " Useradminanydatabase ", DB:" admin " }]    }  ) The User  field, the name of the new user, the PWD field, the user's password, the Cusomdata field, for any content, For example, the user's full name can be introduced; the roles field specifies the user's role, and an empty array can be used to set an empty role for the new user. In the Roles field, you can specify built-in roles and user-defined roles. 

• 4. View the created User: show users ordb.system.users.find()

• 5. Enable User rights:

To modify the configuration file, add the configuration:

Security:  authorization:enabled

Restart MongoDB

net stop mongodb;net start MongoDB;

• 6. User authentication using:

After you enable user authentication, log in to the MONGO shell again, and show dbs the Execute command prompts "no permissions." At this point, the user is required to verify the login.

Db.auth ("admin", "admin")

Other built-in roles

1. Database user role: Read, readWrite;
2. Database management roles: DbAdmin, Dbowner, useradmin;
3. Cluster Management role: Clusteradmin, Clustermanager, Clustermonitor, Hostmanager;
4. Backup recovery role: backups, restore;
5. All database roles: Readanydatabase, Readwriteanydatabase, Useradminanydatabase, dbadminanydatabase
6. Super User role: Root
7. There are also several roles that indirectly or directly provide access to the system's Superuser (Dbowner, Useradmin, Useradminanydatabase)
8. Internal role: __system

Official details role Description –> Portal

Configuration file Example

Official Detailed –> Portal

#此处为配置文件可配置的内容 #mongod config file #MongoDB configuration files use the YAML format. #The following example Configuratio N file contains several Mongod settings.######## #Example start######## #systemLog: # destination:file# Path:"/var/log/mongodb/mongodb.log"# Logappend:true#storage: # journal:# Enabled:true#processManagement: # fork:true#net: # Bindip:127.0.0.1# port:27017#setParameter: # Enablelocalhostauthbypass:false######## #Example end################ #Core optionssystemlog:# verbosity:0 #Default: 0; 1 to 5increases the verbosity level to include Debug messages.# quiet:<Boolean># traceallexception:<Boolean># Syslogfacility:user Path:"/usr/local/mongodb/log/mongod.log"Logappend:true# LogRotate:<string>#rename or reopen destination:file# timestampformat:iso8601-local# component:# accesscontrol:# verbosity:0# command:# verbosity:0# # COMMENT additional component verbosity settings omitted forbrevity# storage:# verbosity:0# journal:# verbosity:<int># write:# verbosity:0######### #ProcessManagement optionsprocessmanagement:fork:truePidfilepath:"/usr/local/mongodb/log/mongod.pid"########## #Net optionsnet:port:27017# Bindip:<string>#Default all interfaces.# maxincomingconnections:65536# Wireobjectcheck:true# IPv6:false# unixdomainsocket:# Enabled:true# Pathprefix:"/tmp"# filepermissions:0700# http:# Enabled:false# jsonpenabled:false# restinterfaceenabled:false# ssl:# Sslonnormalports:<Boolean> # Deprecated since 2.6# Mode:<string># Pemkeyfile:<string># Pemkeypassword:<string># Clusterfile:<string># Clusterpassword:<string># Cafile:<string># CRLFile:<string># Allowconnectionswithoutcertificates:<Boolean># Allowinvalidcertificates:<Boolean># Allowinvalidhostnames:false# Fipsmode:<Boolean>######### #security options#security:# keyfile:<string># clusterauthmode:keyfile# authorization:disable# javascriptenabled:true####### #security. SASL options# sasl:# hostName:<string># ServiceName:<string># Saslauthdsocketpath:<string>########## #setParameter Optionsetparameter:enablelocalhostauthbypass:false#   <parameter1>: <value1>#   <parameter2>: <value2>########## #storage Optionsstorage:dbpath:"/data/db"# Indexbuildretry:true# Repairpath:"/data/db/_tmp"# journal:# Enabled:true# Directoryperdb:false# Syncperiodsecs:60Engine:"Mmapv1"#Valid options include Mmapv1 and wiredtiger.######## #storage. Mmapv1 options# mmapv1:# preallocdatafiles: true# Nssize:16# quota:# Enforced:false# Maxfilesperdb:8# Smallfiles:false# journal:# DebugFlags:<int># Commitintervalms:# 30 or######## #storage. Wiredtiger options# wiredtiger:# engineconfig:# CACHESIZEGB:<number> #Default: The maximum of half of physical RAM or 1gigabyte# statisticslogdelaysecs:0# Journalcompressor:"Snappy"# directoryforindexes:false# collectionconfig:# Blockcompressor:"Snappy"# indexconfig:# Prefixcompression:true########### #operationProfiling options#operationprofiling:# SLOWOPTHRESHOLDMS:100# Mode:"Off"########### #replication options#replication:# oplogsizemb:<int># Replsetname:<string># secondaryindexprefetch:all########### #sharding options#sharding:# clusterrole:<string>#configsvr or shardsvr# archivemovedchunks:true########## #auditLog options#auditlog:# Destination:<string> #syslog/console/file# Format:<string> #JSON/bson# Path: <string># Filter:<string>########## #snmp options#snmp:# subagent:<Boolean># Master:<Boolean>######### #mongos-Only options#replication:# Localpingthresholdms:15# #sharding: # Autosplit:true# ConfigDB:<string># ChunkSize:64######### #Windows Service options#processmanagement:# windowsservice:# serviceName:<string># DisplayName:<string># Description:<string># Serviceuser:<string># Servicepassword:<string>

MongoDB 3.2 User Rights Management configuration