MongoDB User and Permissions settings

Before using MongoDB without setting users and permissions, the native application is always connected to MongoDB. The database connection port is not open after deployment on the server, and the native application connects to open the application-side statement for external access. Think about something very wrong or set the user authorization.

The environment I am deploying is the MongoDB2.4.8 version under Windows. The first thing to do is to turn on the safe mode, when you start the MongoDB service, add the--auth parameter, the command is as follows:

D:\mongodb>mongod.exe--dbpath D:\mongodb\data--logpath=--auth

In this way, the connection to MongoDB operation will require certain permissions.

First, we need to start the service without adding "--auth" permission parameter to User Rights management

We start the MongoDB service like this:

D:\mongodb>mongod.exe--dbpath D:\mongodb\data--logpath=D:\mongodb\logs\mongodb.log

At this time do not specify the user to connect MongoDB, can log in and operate, my operation is as follows:

d:\>2.4.8connecting to:test> show dbsadmin   (empty) local   0. 078125GB >

You can see the default display of two libraries, we need to enter the Admin library to set permissions (this time because the service does not add permission parameters, so the default is to have permission to set the relevant)

> Use admin
Switched to DB admin
> Db.adduser (' sa ', ' sa ')
{
"User": "sa",
"ReadOnly": false,
"pwd": "75692b1d11c072c6c79332e248c4f699",
"_id": ObjectId ("53af835ada88ac42a40917a0")
}
> Db.system.users.find ()
{"_id": ObjectId ("53af835ada88ac42a40917a0"), "user": "sa", "readOnly": false, "pwd": "75692b1d11c072c6c79332e248c4f6 99 "}

Second, we turn off the previously opened service, add "--auth" permission parameters, restart the MongoDB service

D:\>mongod--dbpath D:\mongodb\data--logpath=d:\mongodb\logs\mongodb.log--auth

We connect and operate again:

D:\>mongo
MongoDB Shell version:2.4.8
Connecting To:test
> Use admin
Switched to DB admin
> Show Collections
Sun June 11:17:27.103 Error: {
"$err": "Not authorized for query on Admin.system.namespaces",
"Code": 16550
} at src/mongo/shell/query.js:128

found that if the default connection is not the identity information, there is no permission to operate. We verify the user that was added before, and then try the following:

> Db.auth (' sa ', ' sa ')1//return 1 for Verification success, return 0 for validation failure > Show Collectionssystem.indexessystem.users

Find verification successful can operate the Admin library, we connect the other libraries to try:

d:\>2.4.8connecting to:test>11:20:17.996 error: {        "$err": "Not Authorized for query on Test.system.namespaces ",        " code ": 16550} at src/mongo/shell/query.js:128 > Db.auth (' sa ', ' sa 'code:18, ok:0.0, errmsg: "Auth fails" }0

Found here authentication failed, previously set Admin user authentication no use. I checked the information. You must log in from admin and use other libraries before being authenticated:

d:\>2.4.8connecting to:test> Use adminswitched to DB admin> Db.auth (' sa ', ' sa '  )1> use testswitched to DB Test> Show Collections

Third, add the top level Admin user, you can use the Admin account for other user's settings

If you want a separate library to have a separate user name, you must first log in from the admin and then set the appropriate user information, the following:

D:\>mongomongodb Shell version:2.4.8Connecting To:test>Use adminswitched to DB admin> Db.auth (' sa ', ' sa ')1//login from admin first>Use testswitched to DB test>Show Collections> Db.adduser (' Test ', ' test ')//users who added the test library{        "User": "Test",        "ReadOnly":false,        "pwd": "A6de521abefc2fed4f5876855a3484f5",        "_id": ObjectId ("53AF874C5017B6747E68DA2A")} 

Log in to test again separately:

d:\>2.4.8connecting To:test> Show Collections       // not logged in without permission Sun June 29 11:27:52.899 Error: {        "$err": "Not authorized for query on Test.system.namespaces",        "code": 1 6550} at src/mongo/shell/query.js:128> db.auth (' Test ', ' Test ')     // Pre-set account 1                                    // Login Success > show Collectionssystem.indexessystem.users

Iv. after setting up the admin account, open the MongoDB service with permission parameters manage user rights in the visual manager

Under Windows I used the Mongovue visual management tool. To create a new connection:

Before you start a service without the Auth parameter, you can connect without adding a user name password, because the auth parameter is set so you must add the user name and password, and the Admin user sa set above can be connected. After connecting, open a library with the users settings

　　　　

In this case, you can add and remove changes to a library, which is the highest-privileged admin view, and if you log in with the test library test user, the view will only see the test library.

These are the simple ways that Windows uses MongoDB to set user permissions in the shell and visualization tools.