MongoDB User and permission settings reprint has not been carefully read the details of things

Source: Internet
Author: User

Before using MongoDB without setting users and permissions, the native application is always connected to MongoDB. The database connection port is not open after deployment on the server, and the native application connects to open the application-side statement for external access. Think about something very wrong or set the user authorization.

The environment I am deploying is the MongoDB2.4.8 version under Windows. The first thing to do is to turn on the safe mode, when you start the MongoDB service, add the--auth parameter, the command is as follows:

--dbpath D:\mongodb\data--logpath=D:\mongodb\logs\mongodb.log--auth

In this way, the connection to MongoDB operation will require certain permissions.

First, we need to start the service without adding "--auth" permission parameter to User Rights management

We start the MongoDB service like this:

--dbpath D:\mongodb\data--logpath=D:\mongodb\logs\mongodb.log

At this time do not specify the user to connect MongoDB, can log in and operate, my operation is as follows:

d:\>mongomongodb Shell version:2.4.8connecting to:test>show Dbsadmin   (empty)0. 078125 gb>     

You can see the default display of two libraries, we need to enter the Admin library to set permissions (this time because the service does not add permission parameters, so the default is to have permission to set the relevant)

> Use admin

Switched to DB admin

> Db.adduser (' sa ', ' sa ')

{

"User": "sa",

"ReadOnly": false,

"pwd": "75692b1d11c072c6c79332e248c4f699",

"_id": ObjectId ("53af835ada88ac42a40917a0")

}

> Db.system.users.find ()

{"_id": ObjectId ("53af835ada88ac42a40917a0"), "user": "sa", "readOnly": false, "pwd": "75692b1d11c072c6c79332e248c4f6 99 "}

Second, we turn off the previously opened service, add "--auth" permission parameters, restart the MongoDB service

--dbpath D:\mongodb\data--logpath=d:\mongodb\logs\mongodb.log--auth

We connect and operate again:

D:\>mongo

MongoDB Shell version:2.4.8

Connecting To:test

> Use admin

Switched to DB admin

> Show Collections

Sun June 11:17:27.103 Error: {

"$err": "Not authorized for query on Admin.system.namespaces",

"Code": 16550

} at src/mongo/shell/query.js:128

found that if the default connection is not the identity information, there is no permission to operate. We verify the user that was added before, and then try the following:

> Db.auth (' sa ', ' sa ') 1//return 1 for Verification success, return 0 for validation failure >Show Collectionssystem.indexessystem.users 

Find verification successful can operate the Admin library, we connect the other libraries to try:

D:\>Mongomongodb Shell version:2.4.8Connecting to:test> Show Collectionssun June29 11: 20: 17.996 " $ Err ": " not authorized for query on test.system.namespaces ",  "code": 16550} at src/mongo/shell/query.js:128> Db.auth ( ' sa ' ) Error: 18 {code: 18, OK: Span class= "number" >0.0, ErrMsg:  "auth fails" 0               

Found here authentication failed, previously set Admin user authentication no use. I checked the information. You must log in from admin and use other libraries before being authenticated:

d:\>2.4. 8connecting to:test> useadminswitched to DB admin> db.auth (' sa ',' sa ' )1> usetestswitched to DB test> show collections        

Third, add the top level Admin user, you can use the Admin account for other user's settings

If you want a separate library to have a separate user name, you must first log in from the admin and then set the appropriate user information, the following:

D:\>Mongomongodb Shell version:2.4.8Connecting to:test> Use adminswitched to DB admin> Db.auth (' Sa ',' Sa ')1//Login from admin First> use testswitched to DB test> ' test ') // The user who added the test library { " Test "false " A6de521abefc2fed4f5876855a3484f5 " " _id ": ObjectId ( "53AF874C5017B6747E68DA2A" )}        

Log in to test again separately:

D:\>Mongomongodb Shell version:2.4.8Connecting to:test>Show collections//Not logged in without permission sun June29 11:27:52.899 error: {  "$err": , " code ": 16550 at src/mongo/shell/query.js:128> Db.auth ( ' test ') // previously set account 1 // login successful > show Collectionssystem.indexessystem.users            

Iv. after setting up the admin account, open the MongoDB service with permission parameters manage user rights in the visual manager

Under Windows I used the Mongovue visual management tool. To create a new connection:

Before you start a service without the Auth parameter, you can connect without adding a user name password, because the auth parameter is set so you must add the user name and password, and the Admin user sa set above can be connected. After connecting, open a library with the users settings

In this case, you can add and remove changes to a library, which is the highest-privileged admin view, and if you log in with the test library test user, the view will only see the test library.

These are the simple ways that Windows uses MongoDB to set user permissions in the shell and visualization tools.

MongoDB User and permission settings reprint has not been carefully read the details of things

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.