MongoDB user permission management

Source: Internet
Author: User

In the latest version, 2.4, MongoDB has reworked user permission management: permissions are finer-grained, security is stronger, and the model increasingly resembles MySQL permission management.


I. User Management for versions earlier than 2.4

1. Create a database administrator


1.1 Enter the weiw database:

> use weiw;


1.2 Add a user (read/write permission, readOnly --> false):

> db.addUser("java", "java");  // all permissions on the weiw database are granted by default

> db.addUser("java1", "java1", true);  // read-only permission on this database


1.3 View all users

> db.system.users.find();

{"_id": ObjectId("4e02a89fb841deb5fda3e5e2"), "user": "java", "readOnly": false, "pwd": "59cf7cc156874cbd35cb00869126f569"}


1.4 Delete a user

> db.system.users.remove({user: "java1"});

> db.removeUser("java1");


2. Create a Super User

2.1 Enter the admin database

> use admin


2.2 All users created in admin are superusers and can operate on any database

> db.addUser("admin", "admin");  // all permissions on all databases are granted by default

> db.addUser("admin1", "admin", true);  // read-only permission on all databases


II. Versions later than 2.4 have improved user permission management and are increasingly like MySQL. We recommend using the permission management introduced in 2.4.


In 2.4, permission management is divided into database operation permissions, database user management permissions, and cluster management permissions. It is recommended that a superuser manage these users in the admin database. The user management methods from versions earlier than 2.4 remain supported for compatibility.


1. Enter the admin database

> use admin


2. Add a user named app that has read-only permission on the app database and read and write permissions on app_log. The app user has no permissions on the admin database and cannot add any users.

> db.addUser({
    user: "app",
    pwd: '1q2w3e4r',
    roles: [],
    otherDBRoles: {
        app: ["read"],
        app_log: ["readWrite"]
    }
})

> db.addUser({user: 'app', pwd: '1q2w3e4r', roles: ["readWrite"]})  // has read and write permissions on the database


3. View users

> db.system.users.find()

{"_id": ObjectId("528ac7d4bf62beb4259db527"), "user": "app", "pwd": "role", "roles": [], "otherDBRoles": {"app": ["read"], "app_log": ["readWrite"]}}


When a user is added, user is the user name, pwd is the password, roles specifies the user's permissions, and otherDBRoles specifies the user's permissions on other databases beyond those in roles. Its format is a dictionary.


III. Descriptions of permissions in roles:


read: read-only permission on the specified database. It includes the following permissions:


aggregate, checkShardingIndex, cloneCollectionAsCapped, collStats

count, dataSize, dbHash, dbStats, distinct, filemd5

geoNear, geoSearch, geoWalk, group

mapReduce (inline output only), text (beta feature)


readWrite: read and write permissions on the specified database. In addition to the read permissions, readWrite also includes the following permissions:


cloneCollection (as the target database), convertToCapped

create (and to create collections implicitly)

drop(), dropIndexes, emptycapped, ensureIndex()

findAndModify, mapReduce (output to a collection)

renameCollection (within the same database)


The read and readWrite roles cover operations on the tables in the database.


dbAdmin: management permissions on the specified database


clean, collMod, collStats, compact, convertToCapped

create, db.createCollection(), dbStats, drop(), dropIndexes, ensureIndex()

indexStats, profile, reIndex, renameCollection (within a single database), validate


userAdmin: user management permissions on the specified database


clusterAdmin: cluster management permissions (replica set, sharding, master-slave, and other related management)


addShard, closeAllDatabases, connPoolStats, connPoolSync, _cpuProfilerStart

_cpuProfilerStop, cursorInfo, diagLogging, dropDatabase

enableSharding, flushRouterConfig, fsync, db.fsyncUnlock()

getCmdLineOpts, getLog, getParameter, getShardMap, getShardVersion

hostInfo, db.currentOp(), db.killOp(), listDatabases, listShards

logRotate, moveChunk, movePrimary, netstat, removeShard, unsetSharding

repairDatabase, replSetFreeze, replSetGetStatus, replSetInitiate

replSetMaintenance, replSetReconfig, replSetStepDown, replSetSyncFrom

resync, serverStatus, setParameter, setShardVersion, shardCollection

shardingState, shutdown, splitChunk, splitVector, split, top, touch


readAnyDatabase: read-only permission on any database (similar to read)

readWriteAnyDatabase: read and write permissions on any database (similar to readWrite)

userAdminAnyDatabase: user management permissions on any database (similar to userAdmin)

dbAdminAnyDatabase: management permissions on any database (similar to dbAdmin)
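
Because 2.4 stays compatible with the older readOnly-style users, an access review has to read both document formats shown above. The following is an added example, not code from the original article: it expands system.users documents into per-database grants and lists the ones that are high-privilege or span every database. The sample documents, the "ops" user, the "*" marker and the labels legacy-read and legacy-all are constructed for illustration.

```javascript
// Added example: audits system.users documents in both formats shown above.
const ANY_DB = "*"; // marker meaning "every database"
const HIGH_RISK = new Set(["userAdmin", "clusterAdmin", "legacy-all"]);

// Expand one system.users document stored in database dbName
// into a list of { db, role } grants.
function effectiveGrants(dbName, doc) {
  if (!Array.isArray(doc.roles)) {
    // Pre-2.4 format: no roles array, only the readOnly flag.
    // Per the article, such users created in admin cover every database.
    const db = dbName === "admin" ? ANY_DB : dbName;
    return [{ db, role: doc.readOnly ? "legacy-read" : "legacy-all" }];
  }
  const grants = [];
  const add = (db, role) => {
    const m = /^(.+)AnyDatabase$/.exec(role);
    if (m) grants.push({ db: ANY_DB, role: m[1] });
    else if (role === "clusterAdmin") grants.push({ db: ANY_DB, role });
    else grants.push({ db, role });
  };
  doc.roles.forEach((r) => add(dbName, r));
  for (const [db, roles] of Object.entries(doc.otherDBRoles || {})) {
    roles.forEach((r) => add(db, r));
  }
  return grants;
}

// One finding per grant that is high-privilege or spans every database.
function audit(dbName, docs) {
  const findings = [];
  for (const doc of docs) {
    for (const g of effectiveGrants(dbName, doc)) {
      if (HIGH_RISK.has(g.role) || g.db === ANY_DB) {
        findings.push(`${doc.user}: ${g.role} on ${g.db}`);
      }
    }
  }
  return findings;
}

// Constructed sample: contents of admin.system.users (pwd fields omitted).
const SAMPLE_ADMIN_USERS = [
  { user: "app", roles: [], otherDBRoles: { app: ["read"], app_log: ["readWrite"] } },
  { user: "admin", readOnly: false },
  { user: "admin1", readOnly: true },
  { user: "ops", roles: ["userAdminAnyDatabase"] }, // hypothetical user
];

console.log(audit("admin", SAMPLE_ADMIN_USERS).join("\n"));
```

The app user from section II produces no finding, while the two legacy admin users and the hypothetical ops user are listed for review.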


For details, see the official documentation:


This article is from the "Wang Wei" blog. Please keep this source
