MongoDB 3.x user creation and authentication configuration learning notes

MongoDB does not require a password after the default installation.

At this point you show DBS will see that there is only one local database, the so-called admin does not exist.

MongoDB has no root, only the user who can manage the user useradminanydatabase.

### #1. Set the authentication Mode #

Here the default authentication mechanism for MONGO3 is changed to Scram-sha-1, and spring-boot until 1.3.0 RC still does not support the new default authentication method of Mongo3 so this is specified as the old version mode MONGODB-CR

#切换到admin库
Use admin
#查询authSchema
var schema = Db.system.version.findOne ({"_id": "Authschema"})
#设置为MONGODB-CR
Schema.currentversion = 3
# #保存
Db.system.version.save (Schema)

### #2, User creation # # # # #

Grammar:

Db.createuser (user, Writeconcern)
User This document creates information about the identity authentication and access of users;
Writeconcern This document describes a successful report that guarantees MongoDB to provide write operations.

· User document, which defines the following forms of users:
{User: "",
PWD: "",
CustomData: {},
Roles: [
{role: "", DB: ""} | "",
...
]
}

User document Field Description:
User field, the name of the new user;
PWD field, user's password;
Cusomdata field, for any content, for example, can be introduced for the user's full name;
Roles field, specify the user's role, you can use an empty array for the new user to set the empty role;
In the Roles field, you can specify built-in roles and user-defined roles.

Built-in Roles (built-in roles):
1. Database user role: Read, ReadWrite;
2. Database Management role: Dbadmin, Dbowner, useradmin;
3. Cluster Management role: Clusteradmin, Clustermanager, Clustermonitor, Hostmanager;
4. Backup Restoration Role: backup, restore;
5. All database roles: Readanydatabase, Readwriteanydatabase, Useradminanydatabase, dbadminanydatabase
6. Super User role: Root
There are also several roles that indirectly or directly provide system Superuser access (Dbowner, Useradmin, Useradminanydatabase)
7. Internal role: __system
PS: You can click on the built-in Role link above to view the details of the actions that each role has.

· Writeconcern Documentation (official description)

W option: Allowable values are 1, 0, greater than 1 value, "majority",;
J option: Ensure that the Mongod instance writes data to the journal (log) on disk, which ensures that no data is lost except for Mongd shutdown. Set true to enable.
Wtimeout: Specifies a time limit, in milliseconds. Wtimeout only applies to W values greater than 1.

For example: Create a user AccountAdmin01 in the products database, and give the user admin database Clusteradmin and readanydatabase roles on the products database ReadWrite role.
Use Products
Db.createuser ({"User": "AccountAdmin01",
"pwd": "Cleartext password",
"CustomData": {employeeid:12345},
"Roles": [{role: "Clusteradmin", DB: "Admin"},
{role: "Readanydatabase", DB: "Admin"},
"ReadWrite"
] },
{w: "Majority", wtimeout:5000})

Configuring Security Authentication

Here the default authentication mechanism for MONGO3 is changed to Scram-sha-1, and spring-boot until 1.3.0 RC still does not support the new default authentication method of Mongo3 so this is specified as the old version mode MONGODB-CR

Security
Authorization:enabled
Setparameter:
Authenticationmechanisms:mongodb-cr,scram-sha-1
Enablelocalhostauthbypass:false
Loglevel:4