MongoDB User Rights configuration

The first time you install MONOGDB, there are no users in the admin database, and users in other databases (such as the test database) can manipulate the data in another database (such as the DB1 database) regardless of whether the database is started--auth.

> Show DBS

Local (empty)

#查看admin the user information in the database because it is a newly created database so user is empty!

> Use admin

Switched to DB admin

Created by Db.createuser ():

Db.createuser (

{

User: "Peiwouser",

PWD: "peiwo2015",

Roles

[

{

Role: "Dbowner",

DB: "Peiwo"

}

]

}

);

> MONGO

> Use admin

> Db.auth ("Root", "root")

1

Defined:

Create a database new user with the Db.createuser () method and return a user repeat error if the user exists.

Grammar:

Db.createuser (user, Writeconcern)

User This document creates identity authentication and access information about users;

Writeconcern This document describes a successful report that ensures that MongoDB provides write operations.

· The user document, which defines the following form of users:

{User: "<name>",

PWD: "<cleartext password>",

CustomData: {<any information>},

Roles: [

{role: ' <role> ', db: ' <database> '} | "<role>",

...

]

}

User document Field Description:

User field, the name of the new user;

PWD field, user's password;

Cusomdata field, for any content, for example, can be introduced to the user's full name;

Roles field, specify the user's role, you can use an empty array to set a null role for the new user;

In the Roles field, you can specify built-in roles and user-defined roles.

Built-in Roles (built-in role):

1. Database user role: Read, readWrite;

2. Database Management role: DbAdmin, Dbowner, useradmin;

3. Cluster Management role: Clusteradmin, Clustermanager, Clustermonitor, Hostmanager;

4. Backup Restore role: backups, restore;

5. All database roles: Readanydatabase, Readwriteanydatabase, Useradminanydatabase, dbadminanydatabase

6. Super User role: Root

There are also several roles that indirectly or directly provide access to the system's Superuser (Dbowner, Useradmin, Useradminanydatabase)

7. Internal role: __system

PS: You can click on the built-in role link above to view details about the permissions that each role has.

· Writeconcern documentation (Official note)

W options: Allowed values are 1, 0, values greater than 1, "majority", <tag set>;

J option: Ensure that the Mongod instance writes data to the journal (log) on disk, which ensures that no data is lost outside of the mongd. Set true to enable.

Wtimeout: Specifies a time limit, in milliseconds. The Wtimeout only applies to W values greater than 1.

For example: Create a user AccountAdmin01 in the products database and give the user the Admin database on the clusteradmin and readanydatabase roles, the products database on the ReadWrite role.

Use Products

Db.createuser ({"User": "AccountAdmin01",

"pwd": "Cleartext password",

"CustomData": {employeeid:12345},

"Roles": [{role: ' Clusteradmin ', db: ' admin '},

{role: "Readanydatabase", DB: "Admin"},

"ReadWrite"

] },

{w: "Majority", wtimeout:5000})

Verify:

Mongo-u accountadmin01-p Yourpassward--authenticationdatabase Products

Linux Remote Connection

/usr/local/mongodb/bin/mongo 127.0.0.1/peiwo-u Peiwouser-p

This article is from the "My Ops Time" blog, so be sure to keep this source http://aaronsa.blog.51cto.com/5157083/1741515

MongoDB User Rights configuration