Mongodb user permission management

In the latest version 2.4, mongodb has made all-new adjustments to user permission management, refining the permissions, enhancing security and becoming more and more like mysql permission management. I. Version user management before 2.4 1. Create a database

In the latest version 2.4, mongodb has made all-new adjustments to user permission management, refining the permissions, enhancing security and becoming more and more like mysql permission management. I. Version user management before 2.4 1. Create a database

In the latest version 2.4, mongodb has made all-new adjustments to user permission management, refining the permissions, enhancing security and becoming more and more like mysql permission management.

I. User Management for versions earlier than 2.4

1. Create a database administrator

1.1 enter the weiw database:

> Use weiw;

1.2 Add a user (read/write permission, readOnly --> false ):

> Db. addUser ("java", "java"); All weiw database permissions are granted by default.

> Db. addUser ("java1", "java1", true); read-only permission for this database

1.3 view all users

> Db. system. users. find ();

{"_ Id": ObjectId ("4e02a89fb841deb5fda3e5e2"), "user": "java", "readOnly": fa

Lse, "pwd": "59cf7cc156874cbd35cb00869126f569 "}

1.4 delete a user

> Db. system. users. remove ({user: "java1 "});

> Db. removeUser ("java1 ");

2. Create a Super User

2.1 enter the admin Database

> Use admin

2.2 All Users created in admin are superusers and can operate any database

> Db. addUser ("admin", "admin"); All Database permissions are granted by default.

> Db. addUser ("admin1", "admin", true); read-only permission for all databases

Ii. Versions later than 2.4 have improved user permission management, and are more and more like mysql. We recommend that you use permission management after 2.4.

2.4 permission management is divided into database operation permissions, database user management permissions, and cluster management permissions. It is recommended that super users manage these users in the admin database. However, it is still compatible with user management methods earlier than 2.4.

1. Enter the admin Database

> Admin

2. Add an app that has read-only permissions on the app database and has read and write permissions on app_log. However, the app does not have any operation permissions on the admin database and cannot add any users.

> Db. addUser ({

User: "app ",

Pwd: '1q2w3e4r ',

Roles: [],

OtherDBRoles:

{

App: ["read"],

App_log: ["readWrite"]

}

})

> Db. addUser ({user: 'app', pwd: '1q2w3e4r ', roles: ["readWrite"]}) # have read and write permissions on the database

3. View users

> Db. system. users. find ()

{"_ Id": ObjectId ("528ac7d4bf62beb4259db527"), "user": "app", "pwd": "role", "roles": [], "otherDBRoles ": {"app": ["read"], "app_log": ["readWrite"]}

When a user is added, the user name is the word, pwd is the password, roles specifies the permissions of the user, and otherDBRoles indicates the permissions of other databases except roles, the format is a dictionary.

Iii. Descriptions of permissions in roles:

Read: the read-only permission of a specified database. It has the following permissions:

Aggregate, checkShardingIndex, cloneCollectionAsCapped, collStats

Count, dataSize, dbHash, dbStats, distinct, filemd5

GeoNear, geoSearch, geoWalk, group

MapReduce (inline output only.), text (beta feature .)

ReadWrite has the read and write permissions for the specified database. In addition to the read permission, readWrite also has the following permissions:

CloneCollection (as the target database.), convertToCapped

Create (and to create collections implicitly .)

Drop (), dropIndexes, emptycapped, ensureIndex ()

FindAndModify, mapReduce (output to a collection .)

RenameCollection (within the same database .)

Read and readWrite operations on tables in the database

DbAdmin specifies the database management Permissions

Clean, collMod, collStats, compact, convertToCapped

Create, db. createCollection (), dbStats, drop (), dropIndexes, ensureIndex ()

IndexStats, profile, reIndex, renameCollection (within a single database.), validate

UserAdmin Specifies database user management Permissions

ClusterAdmin cluster management permissions (replica set, sharding, master-slave, and other related management)

AddShard, closeAllDatabases, connPoolStats, connPoolSync, _ cpuProfilerStart

_ CpuProfilerStop, cursorInfo, diagLogging, dropDatabase

EnableSharding, flushRouterConfig, fsync, db. fsyncUnlock ()

GetCmdLineOpts, getLog, getParameter, getShardMap, getShardVersion

HostInfo, db. currentOp (), db. killOp (), listDatabases, listShards

LogRotate, moveChunk, movePrimary, netstat, removeShard, unsetSharding

RepairDatabase, replSetFreeze, replSetGetStatus, replSetInitiate

ReplSetMaintenance, replSetReconfig, replSetStepDown, replSetSyncFrom

Resync, serverStatus, setParameter, setShardVersion, shardCollection

ShardingState, shutdown, splitChunk, splitVector, split, top, touch

ReadAnyDatabase read-only permission for any database (similar to read)

ReadWriteAnyDatabase read and write permissions of any database (similar to readWrite)

UserAdminAnyDatabase management permissions of any database user (similar to userAdmin)

DbAdminAnyDatabase management permissions for any database (similar to dbAdmin)

For details, see the official documentation:

This article is from the "Wang Wei" blog. Please keep this source