MongoDB Quick Start Learning Note 7 MongoDB user Management actions

1, modify the start MongoDB requires user authentication
Add parameter--auth.
Now we remove the MongoDB service and add the service again

Mongod--dbpath "D:\work\MongoDB\data"--logpath "D:\work\MongoDB\log\mongodb.log"--install--servicename "MongoDB"- -auth

2. Create a user and log in with the user you created
Open the Shell operator interface, the default test data, and then view all the database, found an error, because there is no user authentication.
User authentication is performed using Db.auth ("User", "pwd").
User: Username
PWD: Password

Because there are no users in the database, you need to start the data with no user authentication and create a new user under the Admin database.
Db.createuser ({User: "", pwd: "", Roles:[{role: "", DB: ""}]})
Create a user under the current database
User: Username
PWD: Password
Roles: Role Information
[Roles: Role name, DB: operation on the specified database]

> Db.createuser ({User: "admin", pwd: "admin", Roles:[{role: "Useradminanydatabase", DB: "admin"}]}) successfully Added User: {"user": "admin","Roles" : [{"role": "Useradminanydatabase","db": "admin" }]}

Start the database using user authentication, and in the database admin, log in with admin
> Db.auth ("admin", "admin")
1

Status 1 means validation succeeds, 0 means validation failed

Create a user by default to the currently used data under create user,
For example: The data currently in use is admin, new user under Admin data
Db.createuser ({User: "Zyh", pwd: "Zyh", Roles:[{role: "ReadWrite", DB: "Zyhdb"}]})
Use ZYH login under the Admin database to read and write Zyhdb collection.
When under ZYHDB, you cannot log on using ZYH because the user zyh is under the admin database.

3. View the user under current data
Show users displays all user under the current database
Users who have administrative privileges to log on to see, such as the use of ZYH login, execution will be error, after using the admin login, display the user

> Db.auth ("Zyh", "Zyh")1>Show Users2016-06-01t20:32:30.639+0800 E QUERY [Thread1] Error:not authorized on Admin to execute command {usersinfo:1.0}: [Email protected]/mongo/shell/utils.js:25:13[email Protected]/mongo/shell/db.js:1523:1[email Protected]/mongo/shell/utils.js : 743:9[email protected]/mongo/shell/utils.js:650:15@ (SHELLHELP2):1:1> db.auth ("admin", "admin")1>Show users{"_id": "Admin.admin","User": "admin","DB": "admin","Roles" : [{"Role": "Useradminanydatabase","DB": "admin"}]}{"_id": "Admin.zyh","User": "Zyh","DB": "admin","Roles" : [{"Role": "ReadWrite","DB": "Zyhdb"}]}

You can also use Db.getusers () to view all users
Use Db.getuser ("user") to query specific information for a specified user

4. Modify user Information
Db.changeuserpassword ("User", "newpwd"), Change password
User: Username
NEWPWD: New Password

Db.updateuser ("user", {roles:[{role: "" ", DB:" "}]})
Modify user Information

Db.grantrolestouser ("User", [{role: "", DB: ""}])
Append roles

Db.revokerolesfromuser ("User", [{role: "", DB: ""}])
Cancel a role

5. Delete users
Db.dropuser ("user") deletes the specified user

Db.dropallusers () Delete all users under current data

Attached: Common built-in role descriptions
Database user roles (roles per database)
Read access to the Non-system collection, and Read permissions for the following system collections: System.indexes,system.js,system.namespaces
ReadWrite Read and write access to the Non-system collection, and read and write permissions on the System.js


Database management roles (data management roles that each database contains)
Dbadmin the ability to complete administrative tasks, such as schema-related tasks, indexes, and statistical information collection. cannot be used to manage users and roles
Dbowner all the permissions required to manage the database. Include (Permissions for ReadWrite, DbAdmin, useradmin roles)
Useradmin Create and Modify permissions for roles and users in the current database


Cluster Management roles
The Admin database contains the following roles for managing the entire system, not just for a single database
Clusteramin provides the maximum permissions for cluster management. Contains permissions for the Clustermanager, Clustermonitor, Hostmanager roles
Clustermanager manages and monitors the cluster to access the local and config databases.
Clustermonitor Read access to a cluster
Hostmanager Management and health servers


Backup and restore Roles
The Admin database contains the following roles for backing up and restoring data
Backup permissions
Restore Restoration Permissions


All-database roles
The admin data provides the following roles, which are valid for all databases.
Readanydatabase provides read access to all databases
Readwriteanydatabase provides write access to all databases
Useradminanydatabase provides administrative rights to all database users
Dbadminanydatabase dbadmin permissions on all databases


Super character
Role description
Root has the highest privileges

In addition, the role can also be customized settings.

MongoDB Quick Start Learning Note 7 User management actions for MongoDB