Role descriptions:
read: Allows the user to read the specified database
readWrite: Allows the user to read and write to the specified database
dbAdmin: Allows the user to perform administrative functions in the specified database, such as index creation, deletion, viewing statistics, or accessing system.profile
userAdmin: Allows the user to write to the system.users collection to create, delete, and manage users in the specified database
dbOwner: Database owner; includes readWrite, dbAdmin, and userAdmin
clusterAdmin: Available only in the admin database; gives the user administrative permissions on all shard and replica set related functions
readAnyDatabase: Available only in the admin database; gives the user read access to all databases
readWriteAnyDatabase: Available only in the admin database; gives the user read and write access to all databases
userAdminAnyDatabase: Available only in the admin database; gives the user userAdmin permissions for all databases
dbAdminAnyDatabase: Available only in the admin database; gives the user dbAdmin permissions for all databases
root: Available only in the admin database. Super account with super privileges
__system: Internal role, not recommended
Create a superuser who is not subject to access restrictions
use admin
db.createUser(
{
  user: "Root",
  pwd: "Www.ttlsa.com",
  roles: ["root"]
}
)
Create a Super User
The superuser role comes in two types: userAdmin and userAdminAnyDatabase
use admin
db.createUser(
{
  user: "Admin",
  pwd: "Www.ttlsa.com",
  roles: [
    {
      role: "userAdminAnyDatabase",
      db: "admin"
    }]
}
)
db is the name of the database the role applies to, and admin is the management database.
Create a normal user
use admin
db.createUser(
{
  user: "Dev",
  pwd: "Www.ttlsa.com",
  roles: [
    {role: "read", db: "Db01"},
    {role: "read", db: "DB02"},
    {role: "read", db: "DB03"}
  ]
}
)
Delete User
First switch to the target database: use test
db.dropUser("TestUser")
db.system.users.remove({user: "TestUser"});
db.removeUser("TestUser");   // deprecated since 2.6 in favor of db.dropUser()
View Current User Permissions
db.runCommand(
{
  usersInfo: "UserName",
  showPrivileges: true
}
)
You can only view the users of the current database. Even when the current database is admin, you can only view the users created in the admin database.
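As an added example (not from the original page), the following JavaScript, runnable in Node.js, audits a reply shaped like the usersInfo output above and flags users that hold the broad roles from the role list. The sample reply, the user names in it, and the expectedAdmins allowlist are constructed assumptions.

```javascript
// Added example: audit usersInfo output for broad roles (not from the original page).
// The reasons are taken from the role descriptions on this page.
const BROAD_ROLES = {
  root: "super account with super privileges",
  __system: "internal role, not recommended",
  clusterAdmin: "administers all shard and replica set functions",
  readAnyDatabase: "read access to all databases",
  readWriteAnyDatabase: "read and write access to all databases",
  userAdminAnyDatabase: "userAdmin on all databases",
  dbAdminAnyDatabase: "dbAdmin on all databases",
  userAdmin: "can create, delete and manage users",
  dbOwner: "includes readWrite, dbAdmin and userAdmin",
};

// usersInfoResult: a document shaped like the reply to the usersInfo command.
// expectedAdmins: hypothetical allowlist of "db.user" ids allowed to hold such roles.
function auditUsers(usersInfoResult, expectedAdmins = []) {
  const allowed = new Set(expectedAdmins);
  const findings = [];
  for (const u of usersInfoResult.users || []) {
    const id = `${u.db}.${u.user}`;
    if (allowed.has(id)) continue;
    for (const r of u.roles || []) {
      // Role names are case-sensitive; the own-property check avoids
      // matching inherited keys such as "constructor".
      if (Object.prototype.hasOwnProperty.call(BROAD_ROLES, r.role)) {
        findings.push({ user: id, role: r.role, on: r.db, reason: BROAD_ROLES[r.role] });
      }
    }
  }
  return findings;
}

// Constructed sample shaped like a usersInfo reply.
const SAMPLE = {
  users: [
    { user: "root", db: "admin", roles: [{ role: "root", db: "admin" }] },
    { user: "dev", db: "admin", roles: [{ role: "read", db: "db01" },
                                        { role: "readWriteAnyDatabase", db: "admin" }] },
    { user: "report", db: "test", roles: [{ role: "read", db: "test" }] },
    { user: "svc", db: "test", roles: [{ role: "dbOwner", db: "test" }] },
  ],
  ok: 1,
};

for (const f of auditUsers(SAMPLE, ["admin.root"])) {
  console.log(`${f.user}: ${f.role} on ${f.on} (${f.reason})`);
}
```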
Modify User Password
use admin
db.changeUserPassword("username", "xxx")
View User Information
db.runCommand({usersInfo: "UserName"})
db.system.users.find()
Modify User Password and User Information
db.runCommand(
{
  updateUser: "username",
  pwd: "XXX",
  customData: {title: "XXX"}
}
)
Add a role
First switch to the target database: use test
db.grantRolesToUser("TestUser", [{role: "read", db: "admin"}])
Revoke Role Permissions
First switch to the target database: use test
db.revokeRolesFromUser("TestUser", [{role: "read", db: "admin"}])
Set up the authentication environment and log in with authentication
1. Locate the MongoDB configuration file and set noauth=true
After you restart MongoDB, switch to the admin database and create a super-privileged user
use admin
db.createUser({user: 'root', pwd: 'root', roles: [{"role": "root", "db": "admin"}]});
2. Shut down MongoDB
3. Enable the authentication parameter
To ensure that permission authentication takes effect, add auth=true to the MongoDB configuration file and comment out noauth=true
4. Start MongoDB
5. Authenticate and log in
> use admin
switched to db admin
> db.auth('root', 'root')
1
> use Hong
switched to db Hong
> show collections;
mycol
system.users
> db.mycol.find();
{"_id": ObjectId("56f255b77fa46acddeb4507b"), "name": "MyCol"}
Note:
Basic user-management operations should be run in the admin database, so run use admin first;
When run inside a single database, they can only operate on the permissions of that database;
db.addUser is the operation from older versions; current versions can still use it, and the user it creates is a super administrator with the root role.
MongoDB User Management