MongoDB User Management

Mongo System Database Introduction and permission settings.

This article is only valid for mongo2.61 , and the commands in the lower version are slowly replaced or deprecated in the new version. For example, use db.adduser () in the mongo242 version to create a user, but When you use this command in mongo261, It is not recommended to use this command.

1. Introduction to the system database.

The Mongo uses only two system data, namely admin , and local . Admin is primarily used to store information about users, roles, and versions. Local main store information about the on-premises server ( server startup and shutdown related information, replica set, replication related information ) . In the replica set, the database is not replicated.

2. security settings.

If Auth=true is not set in the configuration file , then any customer service can be linked to the MONGO Server, if the admin There are no users in system.users so any client can do anything to the MONGO server without any restrictions. So the first thing to do when you first log in to MONGO is to set up a login and restart the service.

3. User-related issues .

Create User:Db.createuser ()

Delete User:db.dropuser (UserName)

Change Password:db.changeuserpassword ("UserName", "newpwd")

Instance one: Delete the user:

Rs0:primary> db.system.users.find ({User: "Test"})

{"_id": "Admin.test", "User": "Test", "DB": "admin", "credentials": {"MONGODB-CR": "d2c20ba3ec3c642d7187d11cb54a901 6 "}," Roles ": [{" Role ":" Root "," db ":" Admin "}]}

Rs0:primary> db.dropuser ("test")

True

Rs0:primary>

Example two: Modify user password :

Rs0:primary> Db.auth ("Test1", "[email protected]")

1

Rs0:primary> Db.changeuserpassword ("Test1", "[email protected]")

Rs0:primary> Db.auth ("Test1", "[email protected]")

1

Rs0:primary>

4: Create user

User creation is more complex, involving user permissions, role issues.

1. Create a user

(1). Create a superuser who is not restricted by Access , the user can have any database , MONGO server to do any action.

Mode 1:

Use admin

Db.createuser (

{

User: "Admin",

PWD: "[email protected]",

roles:["Root"]

} )

Mode 2:

Db.createuser (

{

User: "Admin",

PWD: "[email protected]",

Roles: [{

Role: "Useradminanydatabase",

DB: "Admin"

}  ]  } )

(2). creating a generic user is also CreateUser

Use DB01

Db.createuser (

{

User: "Prouser",

PWD: "[email protected]",

roles:[

{role: "read", DB: "Db01"},

{role: "read", DB: "DB02"},

{role: "read", DB: "DB03"}]

} )

User Prouser has Read access to db01,db02,db03

(3). Common Role Descriptions :

READ: readonly role

ReadWrite: Read and write roles

DbAdmin: Database Administration Permissions

Useradmin: User Management permissions for the database

Clusteradmin: Cluster Management permissions ( replica set, Shard, Master-slave and other related management )

Readanydatabase: read-only permission for any database ( similar to read )

Readwriteanydatabase: What database Read and Write permissions ( similar to ReadWrite )

Useradminanydatabase: administrative rights for any database user ( similar to Useradmin )

Dbadminanydatabase: administrative permissions for any database (dbAdmin similar )

Role-owned Permissions reference:

http://drops.wooyun.org/%E8%BF%90%E7%BB%B4%E5%AE%89%E5%85%A8/2470

(4). User specific Information view

To view user Rights :

Db.runcommand (

{

Usersinfo: "UserName",

Showprivileges:true

} )

To view user information :

Db.runcommand ({usersinfo: "admin"})

Rs0:primary> Db.runcommand ({usersinfo: "root"})

{

"Users": [

{

"_id": "Admin.root",

"User": "Root",

"DB": "admin",

"Roles": [

{

"Role": "Root",

"DB": "admin"

}

]

}

],

"OK": 1

}

Note

1. increase the number of users or delete the user error resolution method.

Error:couldn ' t add user:user and role management commands require AUTH data to has schema version

Http://jingyan.baidu.com/article/6b97984d999ff31ca2b0bfce.html

Reference links :

http://drops.wooyun.org/%E8%BF%90%E7%BB%B4%E5%AE%89%E5%85%A8/2470

Http://www.chinacloud.cn/show.aspx?id=13972&cid=22

Http://www.jb51.net/article/53830.htm

This article is from the "SQL Server MySQL" blog, so be sure to keep this source http://dwchaoyue.blog.51cto.com/2826417/1613901

MongoDB User Management