MongoDB User and Rights Management (II): User Management

First, create an administrator account

1. The following starts to create an account, which requires grant permission, namely: Account Management authorization rights. Note that the account is followed by the library, so authorization in the specified library must also be verified in the specified library (auth).

> Use admin Switched to DB admin > Db.createuser ( { User: "DBA", PWD: "DBA", Roles: [{role: ' Useradminanydatabase ', db: ' admin '}] } )

2. Edit The MongoDB configuration file and turn on the authentication module

Security Authorization:enabled

3. Restart the mongod.

4. login to MongoDB again

#mongo           "OK": 0,            "errmsg": "Not authorized in Admin to execute command  {listdatabases:1.0}",           "code":,            "codename": "Unauthorized"

5. The error is reported as above, since the Auth module is turned on and needs to be verified. If you need to use the administrator account you just created, you need to verify it under the Admin library, and 1 means that the validation is successful.

>use Admin >db.auth (' dba ', ' DBA ') 1

6. Verify the success and execute the command again:

> Show DBS Admin 0.000GB Local 0.000GB

Can execute successfully.

Second, create a regular user account

the role of Useradminanydatabase has the ability to create users under any database, following the creation of a normal user with the DBA user just created .

1. Create a read-only account

Use DB1 Db.createuser ( { User: "Test1", PWD: "Test1", Roles: [{role: ' read ', DB: ' DB1 '}] } )

2. Create a read/write account

Use DB1 Db.createuser ( { User: "Test2", PWD: "Test2", Roles: [{role: ' ReadWrite ', db: ' DB1 '}] } )

Note: Only users created under the current library will be able to verify under the current library, and users of other libraries created under the Admin library will need to be validated under admin.

Third, create super Admin user

MongoDB built the root role after the V3.0 version , which is a combination of readwriteanydatabase,dbadminanydatabase , Useradminanydatabase,clusterAdmin4 role permissions, similar to the sysdba role of ORACLE , but MongoDB 's Super Admin user name can be defined casually. Of course, users with such high privileges are not recommended.

Db.createuser ( { User: "Dbroot", PWD: "Dbroot", Roles: [{role: ' Root ', db: ' admin '}] } )

Iv. Viewing user information

Db.getuser ("Test1")

> Db.getuser ("Test1") { "_id": "Admin.test1", "User": "Test1", "DB": "admin", "Roles": [ { "Role": "Clusteradmin", "DB": "admin" } ] }

V. Modification of user Information

The following information can be modified by the user:

roles, passwords,customData

Db.updateuser ("Test1", { Customdata:{employeeid: "0x3039"}, roles:[ {role: "read", DB: "Admin"} ], PWD: "Test1password" } )

Vi. Modifying user passwords

Db.changeuserpassword ("User", "password")

Vii. Deleting users

Db.system.users.remove ({User: "User1"});

Db.dropuser ("Test1")

Viii. Authorization to users

If the original permissions are not changed, Grant the Readwrite,read admin permission:

Db.grantrolestouser ( "Test1", ["ReadWrite", {role: "read", DB: "Admin"} ] )

IX. Rights of recovery

Reclaim the Test1 user's readWrite and read admin permissions.

Db.revokerolesfromuser ( "Test1", [{role: ' read ', DB: ' admin '}, "ReadWrite" ] )

This article is from the "Old scholar" blog, please make sure to keep this source http://showing.blog.51cto.com/11976328/1905183

MongoDB User and Rights Management (II): User Management