MongoDB Learning Notes - Rights Management


1. MongoDB Permissions Introduction

A. In the previous article we configured the MongoDB environment under Linux and set it to start automatically with the system as a service, so in this article we briefly cover the management of login user rights in MongoDB.

B. After installation, MongoDB by default lets you log in without entering a user name or password. For security reasons we usually want the database to require a user name and password, so this article mainly describes how to add administrator and ordinary users in MongoDB.

C. Relational databases generally have permission control: you can configure which users may access which databases and tables, which users may insert, delete and update rows in a table, which users may only read, and so on. MongoDB, as a typical non-relational database, is configurable in the same way. To master MongoDB permissions we only need to understand the following points and then configure along them (a summary collected from online study):

C.1 MongoDB has no default administrator account, so you have to add an administrator account first and then turn on permission authentication.
C.2 Switch to the admin database; an account added there is an administrator account.
C.3 Users, including the administrator account, can only log in to the database the user belongs to.
C.4 An administrator can manage all the databases, but cannot manage other databases directly; it must first authenticate in the admin database. This is also for security reasons.

D. The MongoDB version installed under Linux for these notes is 3.2.8, so all the commands below are for 3.2.8. Commands differ between old and new versions; if you use a lower version, please look up the corresponding commands yourself before testing.
2. MongoDB Add Administrator Account

A. After the brief description above, we now connect to the database and enter the CLI management interface; only from there can we operate on it (for now treat it as the client; clients are explained later).

A.1 First change to the bin folder under the MongoDB installation directory and start the shell with the command ./mongo (make sure the MongoDB service is started). The installation path is your own and may differ from mine, so please check it.
A.2 Once the connection succeeds, we can enter commands after the > prompt.

B. Connect to the database and switch to the user table.

B.1 After the connection succeeds, first enter the command show dbs. We find one database built into the system, named local (if you also see an admin database, that is because you are using a lower version of MongoDB). The admin database does not exist yet and we need to create it ourselves.
B.2 use admin: this command creates the admin database and starts using it; use is also the command for switching databases.
B.3 show collections: after switching to the admin database, show collections shows that it contains the system.users and system.version tables. We mainly look at the system.users table, which is used to store the super administrator.
B.4 db.system.users.find(): first query whether the system.users table contains any data. The query shows that it is empty, so at this point we add an administrator account to the table.

D. Add a user and specify roles and a database for the user. Command:
D.1 user: user name
D.2 pwd: password
D.3 customData: description field
D.4 roles: specifies the roles of the user. An empty array gives the new user no roles. The roles field can name built-in roles and user-defined roles; built-in roles are covered in section 4.

E. show users, db.system.users.find(): once the user is created, either of these two commands shows the user's information; try them yourself.

F. With the user added, our instinct is to reconnect right away and verify that permissions are now controlled. Here I have to disappoint you: of course they are not. We still need to turn on user rights verification, because MongoDB does not enable it by default. Below we briefly describe how to turn it on.

3. MongoDB Turn On User Rights Verification

A. Above we configured the user, the password and the role, but as said in the last step, you can still log in as before because user rights verification is not turned on. How do we turn it on?

B. First open the mongodb.conf configuration file we set up earlier (my installation path is /usr/local/kencery/mongodb/mongodb/bin/) with vim, find the property auth=true, remove the comment marker in front of it and save.

C. Restart the MongoDB service. Because I already set MongoDB up as a service earlier, I use the following commands to stop and start it:
C.1 service mongod stop
C.2 service mongod start

D. After the restart, connect to the database again, switch to the admin database and run db.system.users.find(). As shown, the configuration has been successful.
    
E. As shown, the message says that we are not authorized. Enter the following command to authorize; after that the query command works. The simple permission setup is now complete.
E.1 db.auth("kencery", "kencery")

4. A Brief Introduction to MongoDB Roles

A. Official documentation for MongoDB's built-in roles: http://docs.mongoing.com/manual-zh/reference/built-in-roles.html

B. MongoDB's built-in roles can be roughly divided into the following groups:
B.1 Database User Roles: read, readWrite
B.2 Database Administration Roles (database management roles): dbAdmin, dbOwner, userAdmin
B.3 Cluster Administration Roles (administrators group, manages the entire system): clusterAdmin, clusterManager, clusterMonitor, hostManager
B.4 Backup and Restoration Roles (backup and restore role group): backup, restore
B.5 All-Database Roles (roles on all databases): readAnyDatabase, readWriteAnyDatabase, userAdminAnyDatabase, dbAdminAnyDatabase
B.6 Superuser Roles (super admin): root. (The dbOwner, userAdmin and userAdminAnyDatabase roles give the ability to assign any user any privilege on any database; users who have one of these roles can define their own permissions on any database.)
B.7 Internal Role (internal role, generally not recommended): __system

C. For the meaning of each role above, please see the official website or this article: http://www.cnblogs.com/SamOk/p/5162767.html

D. I understand only some of them, not all, because after all this is just self-study, so I only tested the meaning of some roles in my own practice. If something is unclear, you can leave a message and we can discuss it together.
5. MongoDB: Create a New Database and Configure read / readWrite Rights Management (Case Description)

A. Above we gave the user kencery the userAdminAnyDatabase role in the admin database. This user is used to manage users, and can create and delete roles through this role. First we switch to admin and authorize as that user (after reconnecting). The commands are as follows:
A.1 use admin
A.2 db.auth("kencery", "kencery") returns 1 if authorization succeeds; otherwise authorization failed
A.3 show dbs verifies that the authorization succeeded.

B. After successful authorization, we first create a log database (logs) and create a read account and a readWrite account for it. The read account corresponds to the system account and the readWrite account to the read-write account. The commands are as follows:
B.1 use logs
B.2 db.createUser({user: "read", pwd: "read", roles: [{role: "read", db: "logs"}]})
B.3 Add the read-write user: in the command above change user and pwd to readwrite and the role in roles to readWrite; nothing else changes.
B.4 Finally, query the users we added, as shown below. The read user and the read-write user are now added.
C. Above we created two accounts. We first verify the read-write account (readWrite: can write to the current database).

C.1 First, without switching users, as the kencery user we insert into the payment table of the logs database. The insert fails with a no-permission message, because the userAdminAnyDatabase role only covers user management and grants no permission for other operations, as shown:
C.2 As seen above, authorization failed. This time we authorize with the readwrite (read-write) account we created, then insert and query; both the insert and the query succeed:
C.3 So read-write permission validation works without problems.

D. Having tested read-write permission above, we now test the read permission (read).

D.1 Continuing from above, first authorize as the read user, then insert and query with it. The insert is reported as not authorized and the query succeeds, which is what we expect:
D.2 As shown, authorization is complete, and some users can be configured to read only, with no permission to insert or modify.

6. MongoDB Super Admin root

A. Above we briefly introduced read-write and read permissions; now the root role. It is the super permission: an account configured with it can do any operation on the data. Of course this is not recommended in a normal environment; the risk is very high! But for learning, let's look at how this role is used.

B. In the environment above, we continue by authorizing as the kencery user and then create a superuser nouse (not recommended).
But when we authorized, we got an error:

Note: the reason is that a user created under the admin database cannot be authorized directly under other databases. It can only be authorized under the database where the account was created, and then access other databases.

C. So first we switch the database to admin, then create the user nouse with the role root and the database admin. The script has already been written above, so it is not repeated here.

D. After switching the authorization to nouse and then switching to the logs database, we find that all kinds of operations work, for example:

E. An account must always be authorized in the database where it was created, not in the database currently in use. That is: if I switch to the admin database and add a user for the logs database there, what do I do after creating it? Always remember the sentence above (authenticate where you created): a user created under the admin database cannot be authorized directly under other databases; it can only be authorized under the database where the account was created, and then go on to access other databases.

F. From the beginning of the article until now we have created a lot of accounts. We can use the following two commands to query the accounts and the total number of accounts:
F.1 db.system.users.find().pretty()
F.2 db.system.users.find().count()

Because these are my learning notes, part of the content comes from the network. I hope you learn something about permissions. This area is for now only simply understood and configured; if I can study it more deeply later, I will continue to write about it.
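
Section 4 (B.6) notes that dbOwner, userAdmin and userAdminAnyDatabase can end up with any privilege, and section 6 warns against root. As an added example (not part of the original notes), the Node.js script below flags such grants in documents shaped like the output of db.system.users.find(). The sample documents are constructed, the ops account is hypothetical, and dbOwner and userAdmin are treated as escalation paths only when granted on admin, following MongoDB's built-in role documentation.

```javascript
// Added example: flag accounts whose roles give direct or indirect
// superuser access. Input has the shape of db.system.users.find() output.

// Roles that are superuser outright.
const DIRECT_SUPERUSER = new Set(["root", "__system"]);
// Roles that can assign any privilege to any user when granted on admin.
const ESCALATE_ON_ADMIN = new Set(["dbOwner", "userAdmin"]);

// Classify one {role, db} grant; returns a reason, or null if unremarkable.
function classifyGrant(grant) {
  if (DIRECT_SUPERUSER.has(grant.role)) return "direct superuser";
  if (grant.role === "userAdminAnyDatabase") return "can grant itself any privilege";
  if (ESCALATE_ON_ADMIN.has(grant.role) && grant.db === "admin") {
    return "can grant itself any privilege";
  }
  return null;
}

// users: array of user documents; returns one finding per risky grant.
function auditUsers(users) {
  const findings = [];
  for (const u of users) {
    for (const grant of u.roles || []) {
      const reason = classifyGrant(grant);
      if (reason) {
        findings.push({ account: `${u.user}@${u.db}`, role: `${grant.role}@${grant.db}`, reason });
      }
    }
  }
  return findings;
}

// Constructed sample mirroring the accounts created in these notes
// (credential fields omitted; they are not needed for a role audit).
const SAMPLE_USERS = [
  { _id: "admin.kencery", user: "kencery", db: "admin", roles: [{ role: "userAdminAnyDatabase", db: "admin" }] },
  { _id: "logs.read", user: "read", db: "logs", roles: [{ role: "read", db: "logs" }] },
  { _id: "logs.readwrite", user: "readwrite", db: "logs", roles: [{ role: "readWrite", db: "logs" }] },
  { _id: "admin.nouse", user: "nouse", db: "admin", roles: [{ role: "root", db: "admin" }] },
  // Hypothetical account: dbOwner on logs stays scoped to logs; on admin it is flagged.
  { _id: "admin.ops", user: "ops", db: "admin", roles: [{ role: "dbOwner", db: "logs" }, { role: "dbOwner", db: "admin" }] },
];

for (const f of auditUsers(SAMPLE_USERS)) {
  console.log(`${f.account}: ${f.role} (${f.reason})`);
}
```

The account column is printed as user@db because, as section 6 stresses, a user is tied to the database it was created in.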
