In the latest version, 2.4, MongoDB has reworked user permission management: permissions are more fine-grained, security is improved, and the model increasingly resembles MySQL permission management.
I. User Management for versions earlier than 2.4
1. Create a database administrator
1.1 Enter the weiw database:
> use weiw;
1.2 Add a user (read/write permission, readOnly --> false):
> db.addUser("java", "java");   // all permissions on the weiw database are granted by default
> db.addUser("java1", "java1", true);   // read-only permission on this database
1.3 View all users
> db.system.users.find();
{ "_id" : ObjectId("4e02a89fb841deb5fda3e5e2"), "user" : "java", "readOnly" : false, "pwd" : "59cf7cc156874cbd35cb00869126f569" }
1.4 Delete a user
> db.system.users.remove({user: "java1"});
> db.removeUser("java1");
2. Create a superuser
2.1 Enter the admin database
> use admin
2.2 All users created in admin are superusers and can operate on any database
> db.addUser("admin", "admin");   // all permissions on all databases are granted by default
> db.addUser("admin1", "admin", true);   // read-only permission on all databases
II. From version 2.4 onward, user permission management has been improved and increasingly resembles MySQL. We recommend using the 2.4-style permission management.
Permission management in 2.4 is divided into database operation permissions, database user management permissions, and cluster management permissions. It is recommended that a superuser manage these users in the admin database. The user management methods from before 2.4 are still supported.
1. Enter the admin database
> use admin
2. Add a user app that has read-only permission on the app database and read/write permission on app_log, but has no permissions on the admin database and cannot add any users.
> db.addUser({
    user: "app",
    pwd: '1q2w3e4r',
    roles: [],
    otherDBRoles:
    {
        app: ["read"],
        app_log: ["readWrite"]
    }
})
> db.addUser({user: 'app', pwd: '1q2w3e4r', roles: ["readWrite"]})   // has read and write permissions on the database
3. View users
> db.system.users.find()
{ "_id" : ObjectId("528ac7d4bf62beb4259db527"), "user" : "app", "pwd" : "role", "roles" : [], "otherDBRoles" : { "app" : ["read"], "app_log" : ["readWrite"] } }
When a user is added, user is the user name, pwd is the password, roles specifies the user's permissions, and otherDBRoles specifies the permissions on other databases in addition to roles; its format is a dictionary.
III. Descriptions of the permissions in roles:
read: read-only permission on the specified database. It allows the following operations:
aggregate, checkShardingIndex, cloneCollectionAsCapped, collStats
count, dataSize, dbHash, dbStats, distinct, filemd5
geoNear, geoSearch, geoWalk, group
mapReduce (inline output only), text (beta feature)
readWrite: read and write permission on the specified database. In addition to everything read allows, readWrite allows the following operations:
cloneCollection (as the target database), convertToCapped
create (and to create collections implicitly)
drop(), dropIndexes, emptycapped, ensureIndex()
findAndModify, mapReduce (output to a collection)
renameCollection (within the same database)
read and readWrite cover operations on the tables (collections) in the database.
dbAdmin: management permissions on the specified database:
clean, collMod, collStats, compact, convertToCapped
create, db.createCollection(), dbStats, drop(), dropIndexes, ensureIndex()
indexStats, profile, reIndex, renameCollection (within a single database), validate
userAdmin: user management permissions on the specified database
clusterAdmin: cluster management permissions (replica set, sharding, master-slave, and other related management):
addShard, closeAllDatabases, connPoolStats, connPoolSync, _cpuProfilerStart
_cpuProfilerStop, cursorInfo, diagLogging, dropDatabase
enableSharding, flushRouterConfig, fsync, db.fsyncUnlock()
getCmdLineOpts, getLog, getParameter, getShardMap, getShardVersion
hostInfo, db.currentOp(), db.killOp(), listDatabases, listShards
logRotate, moveChunk, movePrimary, netstat, removeShard, unsetSharding
repairDatabase, replSetFreeze, replSetGetStatus, replSetInitiate
replSetMaintenance, replSetReconfig, replSetStepDown, replSetSyncFrom
resync, serverStatus, setParameter, setShardVersion, shardCollection
shardingState, shutdown, splitChunk, splitVector, split, top, touch
readAnyDatabase: read-only permission on any database (similar to read)
readWriteAnyDatabase: read and write permission on any database (similar to readWrite)
userAdminAnyDatabase: user management permission on any database (similar to userAdmin)
dbAdminAnyDatabase: management permission on any database (similar to dbAdmin)
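The rules above (roles, otherDBRoles, the AnyDatabase roles, and the pre-2.4 readOnly flag) can be applied mechanically when reviewing which account holds which permission. The following is an added example, not code from the original article: plain JavaScript (runnable in Node.js) that resolves each system.users document to per-database roles and flags legacy documents, user management rights, and cluster rights. The function names, the "*" marker, the ops user, and the sample documents are assumptions constructed for illustration.

```javascript
// Added example, not from the original article. All sample documents are constructed.
const ANY_DB = "*"; // marker chosen here for "every database"
const ANY_DATABASE_ROLES = new Map([
  ["readAnyDatabase", "read"],
  ["readWriteAnyDatabase", "readWrite"],
  ["userAdminAnyDatabase", "userAdmin"],
  ["dbAdminAnyDatabase", "dbAdmin"],
]);

// dbName is the database whose system.users collection holds doc.
function auditUser(dbName, doc) {
  const grants = {}; // database name -> list of roles
  const findings = [];
  const add = (db, role) => {
    grants[db] = grants[db] || [];
    if (!grants[db].includes(role)) grants[db].push(role);
  };
  if ("readOnly" in doc) {
    // Pre-2.4 format: a single flag; users stored in admin apply to every database.
    add(dbName === "admin" ? ANY_DB : dbName, doc.readOnly ? "read" : "readWrite");
    findings.push("legacy pre-2.4 user document");
    if (dbName === "admin" && !doc.readOnly) findings.push("superuser on all databases");
  } else {
    // 2.4 format: roles apply to dbName, otherDBRoles to the databases it names.
    for (const role of doc.roles || []) {
      if (ANY_DATABASE_ROLES.has(role)) add(ANY_DB, ANY_DATABASE_ROLES.get(role));
      else add(dbName, role);
    }
    for (const [db, roles] of Object.entries(doc.otherDBRoles || {})) {
      for (const role of roles) add(db, role);
    }
  }
  for (const [db, roles] of Object.entries(grants)) {
    if (roles.includes("userAdmin")) findings.push("can manage users on " + db);
    if (roles.includes("clusterAdmin")) findings.push("cluster management rights");
  }
  return { grants, findings };
}

// Constructed documents in the shape of the db.system.users.find() output above.
const SAMPLE_USERS = [
  ["admin", { user: "app", roles: [], otherDBRoles: { app: ["read"], app_log: ["readWrite"] } }],
  ["admin", { user: "admin", readOnly: false }],
  ["admin", { user: "ops", roles: ["userAdminAnyDatabase", "clusterAdmin"] }],
  ["weiw", { user: "java1", readOnly: true }],
];
function auditAll(users) {
  return users.map(([db, doc]) => ({ user: doc.user, db, ...auditUser(db, doc) }));
}
console.log(JSON.stringify(auditAll(SAMPLE_USERS), null, 2));
```

For the app user defined earlier, the result lists read on app and readWrite on app_log and nothing on admin, which matches the description that it cannot add users.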
For details, see the official documentation:
This article is from the "Wang Wei" blog. Please keep this source