MongoDB 2.4 made new adjustments to user permission management: permissions are more fine-grained and security is enhanced, making it more and more like MySQL's permission management.
One, user management in versions before 2.4
1, create an administrative user for a database
1.1, enter the weiw database:
>use weiw;
1.2, add users (read and write permissions, readOnly --> false):
>db.addUser("java", "java"); // by default has all permissions on the weiw database
>db.addUser("java1", "java1", true); // read-only access to this database
1.3, view all users
>db.system.users.find();
{"_id": ObjectId("4e02a89fb841deb5fda3e5e2"), "user": "java", "readOnly": false, "pwd": "59cf7cc156874cbd35cb00869126f569"}
1.4, delete the user
>db.system.users.remove({user: "java1"});
>db.removeUser("java1");
2, create a super user
2.1, enter the admin database
>use admin
2.2, all users created in admin are superusers and can operate on any database
>db.addUser("admin", "admin");
>db.addUser("admin1", "admin", true); // read-only access to all databases
Two, user permission management was improved from version 2.4 onward and is more and more like MySQL; we recommend using the permission management of 2.4 and later.
Permission management in version 2.4 is mainly divided into database operation permissions, database user management permissions, and cluster management permissions. It is recommended that a super user manage these users in the admin database. However, it is still compatible with the user management approach before version 2.4.
1, enter the admin database
>use admin
2, add a user app that has read-only access to the app database and read-write access to the app_log database, but has no permissions on the admin database and cannot add any users.
>db.addUser({
    user: 'app',
    pwd: '1q2w3e4r',
    roles: [],
    otherDBRoles:
    {
        app: ['read'],
        app_log: ['readWrite']
    }
})
>db.addUser({user: 'app', pwd: '1q2w3e4r', roles: ['readWrite']}) // read-write permission on the current database
3, view the user
>db.system.users.find()
{"_id": ObjectId("528ac7d4bf62beb8249db527"), "user": "app", "pwd": "c5be065694f328e0ac6629e846d32e0f", "roles": [], "otherDBRoles": {"app": ["read"], "app_log": ["readWrite"]}}
user is the user name, pwd is the password, roles specifies the permissions that the user has, and otherDBRoles specifies the permissions on other databases in addition to those in roles; its format is a dictionary.
The following is a description of the permissions in roles:
read: read-only permission on the specified database, with the following permissions:
aggregate, checkShardingIndex, cloneCollectionAsCapped, collStats
count, dataSize, dbHash, dbStats, distinct, filemd5
geoNear, geoSearch, geoWalk, group
mapReduce (inline output only.), text (beta feature.)
readWrite: read-write access to the specified database, with the following permissions in addition to those of read:
cloneCollection (as the target database.), convertToCapped
create (and to create collections implicitly.)
drop(), dropIndexes, emptycapped, ensureIndex()
findAndModify, mapReduce (output to a collection.)
renameCollection (within the same database.)
read and readWrite only grant the right to operate on the collections (tables) in the database.
dbAdmin: administrative permissions on the specified database
clean, collMod, collStats, compact, convertToCapped
create, db.createCollection(), dbStats, drop(), dropIndexes, ensureIndex()
indexStats, profile, reIndex, renameCollection (within a single database), validate
userAdmin: user administration permissions on the specified database
clusterAdmin: cluster management permissions (replica sets, sharding, master-slave, and other related management)
addShard, closeAllDatabases, connPoolStats, connPoolSync, _cpuProfilerStart
_cpuProfilerStop, cursorInfo, diagLogging, dropDatabase
enableSharding, flushRouterConfig, fsync, db.fsyncUnlock()
getCmdLineOpts, getLog, getParameter, getShardMap, getShardVersion
hostInfo, db.currentOp(), db.killOp(), listDatabases, listShards
logRotate, moveChunk, movePrimary, netstat, removeShard, unsetSharding
repairDatabase, replSetFreeze, replSetGetStatus, replSetInitiate
replSetMaintenance, replSetReconfig, replSetStepDown, replSetSyncFrom
resync, serverStatus, setParameter, setShardVersion, shardCollection
shardingState, shutdown, splitChunk, splitVector, split, top, touch
readAnyDatabase: read-only permission on any database (similar to read)
readWriteAnyDatabase: read and write access to any database (similar to readWrite)
userAdminAnyDatabase: user administration permissions on any database (similar to userAdmin)
dbAdminAnyDatabase: administrative permissions on any database (similar to dbAdmin)
For details, refer to the official documentation: http://docs.mongodb.org/manual/reference/method/db.addUser/
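An added example, not part of the original article: a small audit over system.users documents in the two formats shown above (the pre-2.4 readOnly flag and the 2.4 roles/otherDBRoles fields), listing users whose grants go beyond plain read or readWrite on named databases. The sample documents, the user name ops, the pwd placeholder and the labels legacy:all and legacy:readOnly are constructed for illustration.

```javascript
// Roles the article describes as user-, cluster- or any-database-wide.
const ELEVATED = new Set(["userAdmin", "clusterAdmin", "readAnyDatabase",
  "readWriteAnyDatabase", "userAdminAnyDatabase", "dbAdminAnyDatabase"]);

// Return { dbName: [roles] } for one user document stored in database `homeDb`.
function effectiveRoles(homeDb, doc) {
  const grants = {};
  const add = (db, roles) => {
    if (roles.length) grants[db] = (grants[db] || []).concat(roles);
  };
  if (Array.isArray(doc.roles)) {
    // 2.4 format: `roles` applies to the home database, `otherDBRoles` to others.
    add(homeDb, doc.roles);
    for (const [db, roles] of Object.entries(doc.otherDBRoles || {})) add(db, roles);
  } else {
    // Pre-2.4 format: only a readOnly flag; a user in admin covers every database ("*").
    const scope = homeDb === "admin" ? "*" : homeDb;
    add(scope, [doc.readOnly ? "legacy:readOnly" : "legacy:all"]);
  }
  return grants;
}

// Return one finding per grant that is elevated, legacy full-access, or server-wide.
function audit(usersByDb) {
  const findings = [];
  for (const [homeDb, docs] of Object.entries(usersByDb)) {
    for (const doc of docs) {
      for (const [db, roles] of Object.entries(effectiveRoles(homeDb, doc))) {
        for (const role of roles) {
          if (ELEVATED.has(role) || role === "legacy:all" || db === "*") {
            findings.push(`${homeDb}.${doc.user}: ${role} on ${db}`);
          }
        }
      }
    }
  }
  return findings;
}

// Constructed sample documents, keyed by the database whose system.users holds them.
const SAMPLE = {
  admin: [
    { user: "app", pwd: "<hash>", roles: [], otherDBRoles: { app: ["read"], app_log: ["readWrite"] } },
    { user: "admin1", pwd: "<hash>", readOnly: true },
    { user: "ops", pwd: "<hash>", roles: ["userAdminAnyDatabase", "clusterAdmin"] },
  ],
  weiw: [{ user: "java", pwd: "<hash>", readOnly: false }],
};
console.log(audit(SAMPLE).join("\n"));
```

The app user from the article produces no finding, while the legacy and any-database users are listed for review.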
This article is from the "Wang Wei" blog, please be sure to keep this source http://wangwei007.blog.51cto.com/68019/1328186