Mongo System Database Introduction and permission settings.
This article is only valid for mongo2.61 , and the commands in the lower version are slowly replaced or deprecated in the new version. For example, use db.adduser () in the mongo242 version to create a user, but When you use this command in mongo261, It is not recommended to use this command.
1. Introduction to the system database.
The Mongo uses only two system data, namely admin , and local . Admin is primarily used to store information about users, roles, and versions. Local main store information about the on-premises server ( server startup and shutdown related information, replica set, replication related information ) . In the replica set, the database is not replicated.
2. security settings.
If Auth=true is not set in the configuration file , then any customer service can be linked to the MONGO Server, if the admin There are no users in system.users so any client can do anything to the MONGO server without any restrictions. So the first thing to do when you first log in to MONGO is to set up a login and restart the service.
3. User-related issues .
Create User:Db.createuser ()
Delete User:db.dropuser (UserName)
Change Password:db.changeuserpassword ("UserName", "newpwd")
Instance one: Delete the user:
Rs0:primary> db.system.users.find ({User: "Test"})
{"_id": "Admin.test", "User": "Test", "DB": "admin", "credentials": {"MONGODB-CR": "d2c20ba3ec3c642d7187d11cb54a901 6 "}," Roles ": [{" Role ":" Root "," db ":" Admin "}]}
Rs0:primary> db.dropuser ("test")
True
Rs0:primary>
Example two: Modify user password :
Rs0:primary> Db.auth ("Test1", "[email protected]")
1
Rs0:primary> Db.changeuserpassword ("Test1", "[email protected]")
Rs0:primary> Db.auth ("Test1", "[email protected]")
1
Rs0:primary>
4: Create user
User creation is more complex, involving user permissions, role issues.
1. Create a user
(1). Create a superuser who is not restricted by Access , the user can have any database , MONGO server to do any action.
Mode 1:
Use admin
Db.createuser (
{
User: "Admin",
PWD: "[email protected]",
roles:["Root"]
} )
Mode 2:
Db.createuser (
{
User: "Admin",
PWD: "[email protected]",
Roles: [{
Role: "Useradminanydatabase",
DB: "Admin"
} ] } )
(2). creating a generic user is also CreateUser
Use DB01
Db.createuser (
{
User: "Prouser",
PWD: "[email protected]",
roles:[
{role: "read", DB: "Db01"},
{role: "read", DB: "DB02"},
{role: "read", DB: "DB03"}]
} )
User Prouser has Read access to db01,db02,db03
(3). Common Role Descriptions :
READ: readonly role
ReadWrite: Read and write roles
DbAdmin: Database Administration Permissions
Useradmin: User Management permissions for the database
Clusteradmin: Cluster Management permissions ( replica set, Shard, Master-slave and other related management )
Readanydatabase: read-only permission for any database ( similar to read )
Readwriteanydatabase: What database Read and Write permissions ( similar to ReadWrite )
Useradminanydatabase: administrative rights for any database user ( similar to Useradmin )
Dbadminanydatabase: administrative permissions for any database (dbAdmin similar )
Role-owned Permissions reference:
http://drops.wooyun.org/%E8%BF%90%E7%BB%B4%E5%AE%89%E5%85%A8/2470
(4). User specific Information view
To view user Rights :
Db.runcommand (
{
Usersinfo: "UserName",
Showprivileges:true
} )
To view user information :
Db.runcommand ({usersinfo: "admin"})
Rs0:primary> Db.runcommand ({usersinfo: "root"})
{
"Users": [
{
"_id": "Admin.root",
"User": "Root",
"DB": "admin",
"Roles": [
{
"Role": "Root",
"DB": "admin"
}
]
}
],
"OK": 1
}
Note
1. increase the number of users or delete the user error resolution method.
Error:couldn ' t add user:user and role management commands require AUTH data to has schema version
Http://jingyan.baidu.com/article/6b97984d999ff31ca2b0bfce.html
Reference links :
http://drops.wooyun.org/%E8%BF%90%E7%BB%B4%E5%AE%89%E5%85%A8/2470
Http://www.chinacloud.cn/show.aspx?id=13972&cid=22
Http://www.jb51.net/article/53830.htm
This article is from the "SQL Server MySQL" blog, so be sure to keep this source http://dwchaoyue.blog.51cto.com/2826417/1613901
MongoDB User Management