MongoDB sets access permissions for users

MongoDB has been in use for a long time, And MongoDB-based data storage has never been used for permission access (MongoDB is set to have no permission access restrictions by default). Today I have spent some time studying it, the research results are as follows:

Note: The research results are based on the Windows platform
After MongoDB is installed and deployed locally
1. Enter the command: show dbs. You will find that there are two built-in databases, one is admin and the other is local. It seems that the local table is useless. If any user finds the purpose of this local table during use and wants to send a message, let's concentrate on the admin table.
2. enter the command: use admin. You will find that the database contains a system. user table, huh, huh, right. This table is equivalent to the user table in MsSql. It is used to store the super administrator. Let's add a super administrator to it.
3. enter the command: db. addUser ('sa ', 'sa'), here I add a super administrator user, username is sa, password is also sa, and now we have added a super administrator, let's test it. If we need to connect to MongoDB again, We Don't Need To prompt you to enter the user name and password. Let's quit first (ctrl + c)
4. Enter the command: use admin
5. Enter the command: show collections to view all the tables in the database. You will find that MongoDB does not prompt you to enter the user name and password. That's strange. What is the problem? As mentioned at the beginning of this article,
By default, apsaradb for MongoDB is set to have no access permission. In this case, we need to set it as a permission access restriction first. Let's look at the effect. How can we set it?
6. Find the MongoDB node in the Registry. In its ImgPath, modify it and add-auth, as shown below:
"D: \ Program Files \ mongodb \ bin \ mongod"-dbpath e: \ work \ data \ mongodb \ db-logpath e: \ work \ data \ mongodb \ log-auth-service
7. Enter the command: use admin
8. run the show collections command to view the tables in the database. The following message is displayed: "$ err": "unauthorized db: admin lock type:-1 client: 127.0.0.1 ", obviously, the prompt does not have the permission. It seems that the key is here. When we start MongoDB, we need to add the-auth parameter so that the permissions we set will take effect, next we use the user name and password we just set to access
9. enter the command: db. auth ('sa ', 'sa'). The output result is 1, indicating that the user is matched. If the user name or password is incorrect, 0 is entered.
10. Enter the command: show collections. The result is displayed. Here, the permission settings only cover more than half. Next, let's quit (ctrl + c)
11. enter the command: mongo TestDB. We try to connect to a new database (whether or not the database exists or not, if it does not exist, adding data to the database will create the database by default). Then, let's look at the tables in this database.
12. Enter the command: show collections, good guy. You have no permission. Enter the user name and password created above.
13. enter the command: db. auth ('sa ', 'sa'). If the input result is 0 and the user does not exist, someone may not understand it. It was just created before. How can it not exist? The reason is: When we access the MongoDB database separately and require access permissions, the user name and password are not a super administrator, but the system of the database. users in the user table. Note that I am talking about the situation of independent access. What is the case of not independent access? Next, let's talk about how to add users to the system. user table of the database without permissions.
14. enter the command: db. addUser ('test', '000000'), wow, the system still prompts that you do not have the permission. This can be done. The new database cannot be accessed by the super administrator, and the user to be created does not have the permission, oh, don't worry. If the super administrator user is set up, it must have the permission to access all the databases.
15. Enter the command: use admin
16. Enter the command: db. auth ('sa ', 'sa ')
17. Enter the command: use TestDB
18. enter the command: show collections, haha, All The Way smoothly. We found that super administrator users can access other libraries, we first enter the admin database and then go to other databases. admin is equivalent to the region where a top-level official is located. If you are a real estate agent and want to build a project in the local area, if you want to do it without passing through those senior officials, it will not work. You need to go to them first, give a gift, and then go down to the place, and you will be able to get the project, this comment is only personal opinion, and does not represent the blog garden. Now that the project is ready, it is about to be built, so we won't have to say hello to those senior officials every time we add bricks or tiles. So we have to make this project legal and we have to complete the relevant procedures and documents, not against Illegal Construction
19. enter the command: db. addUser ('test', '123'), we add a user to the TestDB database. Every time I access the database, I use the user I just created, exit (ctrl + c) first)
20. Enter the command: mongo TestDB
21. Enter the command: show collections, prompting you that you do not have permission
22. Enter the command: db. auth ('test', '123'), output result 1. The user exists, and the verification is successful.
23. Enter the command: show collections. I didn't prompt that I have no permission. Congratulations, you have succeeded.
Note: If you need to use the permission to access MongoDB, if you need to view all the databases in MongoDB, you can only view them through the super administrator permission and enter the command show dbs.