Read Catalogue
- 1.MongoDB Permissions Introduction
- 2 MongoDB Add Administrator account
- 3 MongoDB turn on user rights verification
- 4 MongoDB's Roles role brief introduction
- 5 MongoDB Create a new database and configure the read-write (read, readWrite) Rights Management case description
- 6 MongoDB Super Admin root
Back to Top
1.MongoDB Permissions IntroductionA in the previous article, we configured the MONGODB environment under Linux and set it to start with the service randomization, so the next article we will briefly talk about the management of the login user rights under MongoDB. b MongoDB installation, the default is not required to enter the user name password can log in, but often the database we will be in security considerations and set the user name password, this article mainly describes the MongoDB add administrator/Ordinary user method. C in the relational database we use, generally have permission control, that is, configure what the user access to what database, what data table, what users can make additions and deletions to the table, what the user can be read and so on can be configured, then MongoDB as a non-relational database of the typical, It is also can be configured, and to master the rights of MongoDB we simply need to understand the following points, followed by the following points to configure (online learning to get a summary). C.1 MongoDB does not have a default administrator account, so you have to add an administrator account, in the Open permission authentication. C.2 Switch to the admin database, add the account is the administrator's account. C.3 users can only log in to the user's database, including the administrator account. C.4 administrator can manage all the databases, but not directly manage other databases, first in the Admin database authentication can be, but also for security reasons. D This Learning note the version of MongoDB that is installed under Linux is 3.2.8, so the commands below are all based on the 3.2.8 version, which is because the old version and the new version of the command are different, please be known, if you use a lower version, please see for yourself what the command is for the test operation. Back to Top
2 MongoDB Add Administrator account A above simple description, below we need to start connecting to the database to enter the CLI management interface, only after entering this page we can operate it (temporarily for the client, followed by the client to explain). A.1 first jump to the Bin folder under the MongoDB installation package, and then start with the command (./mongo), it will start successfully (make sure MongoDB service is started), (MONGDB installation path for its own installation paths, may be inconsistent with me, please check): A.2, If the connection is successful, we can do it behind >. B connect the database and switch to the user table b.1 after the connection succeeds first we enter the command: Show dbs, we found that its system built in a database name of the local (if you find out there is an admin database, That is because you are using the low version of MongoDB, the Admin library does not exist and needs to be created by ourselves. B.2 (use admin) uses this command to create an admin database, which will use the admin database, which is also a command to switch the database. B.3 (show collections) after switching to the admin library, use the show collections query, We found that the database contained a system.user and system.version table, we mainly look at the System.user table, this table is used to store the Super administrator. B.4 (Db.system.users.find ()) First use the command query System.user table contains data no, enter the command: Db.system.users.find (), the query found that the database is empty, At this point we add an administrator account to the table. D Add users and assign roles and databases to the user, command: D.1 User: Username D.2 pwd: password D.3 customData: Description field D.4 roles: Specifies the role of the user, you can set an empty array to the new user with a null role, in the R The Oles field can specify built-in roles and user-defined roles, built-in roles in the fourth module we specifically come back to say it. e (Show Users, Db.system.users.find ()) When the user is created, we can use the previous two commands to query the user's information, self-query see. F When the user information is added, our idea is to reconnect immediately verify whether the permissions have been controlledSystem, here to hit you, of course, there is no control, here we also need to turn on user rights verification, because MongoDB default is not open permission verification, the following we briefly say how to turn on permission verification. Back to Top
3
MongoDB Turn on user rights verification A through the above simple introduction we have configured the user and password as well as the role, but as I said in the last step above, login or login here, because we do not turn on user rights verification, how to open this permission verification. b First we open the previous mongodb.conf configuration file we configured, my installation path is: (/usr/local/kencery/mongodb/mongodb/bin/), using Vim to open, find such a property (Auth=true), Remove the previous comment and save it. C Restart the MongoDB service because I have already set up MongoDB as a service, so I use the following command to close and restart MongoDB C.1 Service mongod Stop C.2 service Mongod start D After the reboot we connect to the database and then switch to the Admin database, using the Db.system.users.find () command to view, as shown, the configuration has been successful
e As shown, prompt message that we do not have an alignment authorization, at this time, we enter the following command to authorize, after authorization we use the query command to query the discovery has been able to query, here simple permissions have been set to complete. E.1 Db.auth ("Kencery", "Kencery") back to top
4
a brief introduction to MongoDB's roles roleA mongodb built-in role official website document Description: http://docs.mongoing.com/manual-zh/reference/built-in-roles.html b about MongoDB's built-in role, We can probably be divided into the following several to briefly say B.1 database user Roles: Read, ReadWrite B.2 Database Administration Roles (DB Management role): DBADMI N, Dbowner, useradmin b.3 culster Administration Roles (Administrators group, managed for the entire system): Clusteradmin, Clustermanager, Clustermonitor, Hostmanager b.4 Backup and Restoration Roles (Backup restore role Group): Backup, restore B.5 all-database Roles (all database roles): Readanydatabase , Readwriteanydatabase, Useradminanydatabase, Dbadminanydatabase b.6 Superuser Roles (super Admin): Root, (Dbowner, Useradmin, Useradminanydatabase These role roles provide any data on any user's ability to have any permissions, users who have this role can define their own permissions on any database b.7 Internal role (internal roles, not generally recommended): __ System C about the meaning of each role above, please go to the official website or this article to check, the address is: http://www.cnblogs.com/SamOk/p/5162767.html D I just understand some, not all understand, Because after all, just self-study, so just do their own practice test some of the role of the meaning, if you do not understand that, you can leave a message to discuss. Back to Top
5
MongoDB creates a new database and configures the read-write (read, readWrite) Rights Management case description A in the above we set up a useradminanydatabase role for kencery users under the Admin database, using this user to manage the user, who can create and delete roles through this role. First we switch to admin under the authorized user login (after reconnecting the operation), the command is as follows: A.1 use admin A.2 db.auth ("Kencery", "Kencery") Return 1 indicates successful authorization or authorization failed A.3 show DBS Verify the authorization was successful. b After successful authorization, we first create a log table (logs) to create a read and Readwrtite account for the logs table. Read account corresponding to the system account, ReadWrite account corresponding to read and write account, the command is as follows: B.1 use logs B.2 db.createuser ({ &NB Sp User: "read", &N Bsp PWD: "read", roles:[{role: "read", DB: "Logs"}] }) B.3 Add read-write users, the above command in the user and PWD to: readwrite,roles role changed to ReadWrite, the other do not have to change. B.4 Last query we added the user as shown below, then we read and read and write to the user add complete. C above we created two accounts, we first verify the read-Write account (ReadWrite (can write to the current database user information), C.1 First we do not cutFor the user, directly under the Kencery user under the logs database under the Payment table to insert, will prompt us to insert the failure, no permissions, this is because the Useradminanydatabase permissions are only for the user management, the other representations do not have permission to operate, As shown below: C.2 from the above to see that we have the right to authorize the failure, this time with our created Readwriter (read-write) account authorization, and then in the insertion and query, then found that the insertion and query are successful, C.3 from above we see there is no problem with read and write permission validation. D above to test the read and write permissions, we test the Read permission (read) D.1 continue above, first we authorize the read user, and then use the Read user to insert and query, then found that the insertion prompt is not authorized, and the query succeeds, we expect the implementation,: D.2 is shown, the authorization is complete and can be configured to allow certain users to read only and not to insert modified permissions. Back to Top
6
MongoDB Super Admin rootA above we briefly introduced read and write permissions and read permissions, then we say the root permissions, it is super permissions, that is, you just configure their account, you can do any operation of the data, of course, the normal environment is not recommended, the risk is very high! But to learn, let's talk about the use of this role, B first in the environment above we continue to authorize kencery users, and then create a superuser nouse (not recommended). But when we are authorized to find an error, error: Note: The reason is that we created under the Admin database user, not directly under the other library authorization, can only be authorized under the account creation library, and then go to other libraries to access. C from above, first we switch the database to admin, then create the user Nouse, the permissions role to root, the database corresponding to the admin, the script has been written above, here is no longer cumbersome. D after the switch authorization to use Nouse, after switching to the logs database for various operations, found to be able to operate, simple as follows: E because the account is always in the current need to authorize the database under the authorization, it is not under the current database authorization, it means that I now switch to the Admin database to add the user to the logs database, after the creation is done how to do? Always write down the sentence above: (Where to create where authentication) under the Admin database created under the user, not directly under the other library authorization, can only be authorized under the account creation library, and then go to other libraries to access. F from the beginning of the article to now we have created a lot of accounts, then we can use the following two commands to query the account and the total number of accounts F.1 Db.system.users.find (). Pretty () F.2 Db.system.users.find (). Coun T ()
MongoDB User Configuration