MongoDB Learning Summary (v)--security certification

As a database software, we want to ensure that the data security, not everyone can access, so MongoDB also like other database software can be used as a user authentication method,

 mongodb 3.0 previous versions Span lang= "ZH-CN" > provides adduser method add trusted users to different databases ,mongodb 3.0 After the beginning of the version has been changed to createuser< Span lang= "ZH-CN" > method,

I use the latest version here, so I need to use the createUser method.

Below we re-establish a MongoDB database. It is also opened as a Windows service.

> Create User

The service was created successfully and started successfully, and we turned on the client. Create a user using CreateUser.

  because createuser method with previous adduser The method is very different, creating a user needs to add different role permissions.

one thing to note here is that adding a user to the admin database is a superuser, also known as a database administrator, that can manipulate any database.

The specific permissions are as follows:

READ: Allows the user to read the specified database

ReadWrite: Allows the user to read and write to the specified database

DbAdmin: Allows the user to perform administrative functions in the specified database, such as index creation, deletion, viewing statistics, or accessing System.profile

Useradmin: Allows the user to write to the System.users collection to create, delete, and manage users in the specified database

Clusteradmin: Available only in the admin database, giving the user administrative privileges on all shards and replica set related functions.

Readanydatabase: Only available in the Admin database, giving users read access to all databases

Readwriteanydatabase: Only available in the Admin database, giving users read and write access to all databases

Useradminanydatabase: Only available in the Admin database, giving the user useradmin permissions for all databases

Dbadminanydatabase: Only available in the Admin database, giving the user dbadmin permissions for all databases.

Root: Available only in the admin database. Super account, super privilege.

Let's introduce a simple example.

Above we created the admin Super User " Super" and the user "Derek" of the Product collection , and have read and write and administrative permissions.

> Open Service Verification

Below we turn on the user authentication mode of the service, using the --auth parameter.

We turned on the service verification mode, let's look at the example below.

We could not perform the corresponding operation on the product collection until we saw it, so we validated it with the Db.auth method, and the result returned 1 means that the validation passed, and then the collection could be manipulated.

When we switch to admin 's superuser, we can manipulate any collection.

The above is a simple set up of two users, the above introduction of MongoDB 3.0 after the beginning of the establishment of user-included many role roles , according to the concept of a good understanding, we can try their own according to the requirements, I am not listed here.

Also query which users, with the db.system.users.find () command. Use db.system.users.remove ({name,value}) if you need to delete the user.

MongoDB Learning Summary (v)--security certification