MongoDB User Rights Management explanation

MongoDB in the latest version of the 2.4 User Rights Management made a new adjustment, the permissions are refined, enhanced security, more and more like the permissions of MySQL management.

Version user management prior to 2.4

1, create a database of management users

1.1, into the WEIW database:

>use Weiw;

1.2, add users (Read and write permissions, Readonly-->false):

>db.adduser ("Java", "Java"); default is to have all permissions on the WEIW database

>db.adduser ("Java1", "JAVA1", true); read-only access to this database

1.3. View All Users

>db.system.users.find ();

{"_id": ObjectId ("4e02a89fb841deb5fda3e5e2"), "user": "java", "readOnly": FA

LSE, "PWD": "59cf7cc156874cbd35cb00869126f569"}

1.4, delete the user

>db.system.users.remove ({User: "JAVA1"});

>db.removeuser ("JAVA1");

2. Create Super User

2.1, access to the admin database

>use Admin

2.2. All users created in admin are superuser and can manipulate any database

>db.adduser ("admin", "admin");

>db.adduser ("Admin1", "admin", true); read-only access to all databases

Two, after 2.4 version of the user Rights management this piece has improved, more and more like MySQL, we recommend the use of 2.4 after the rights management.

The 2.4 version of the rights management is mainly divided into: the operation of the database permissions, database user management rights, cluster management rights, recommended by the super user in the Admin database to manage these users. However, it is still compatible with the user management approach before version 2.4.

1, access to the admin database

>admin

2, add a read-only access to the app database, the App_log has read and write access to the user app, but do not have any permissions to the admin database, can not add any users.

>db.adduser ({

User: App,

PWD: ' 1q2w3e4r ',

Roles:[],

Otherdbroles:

{

App: [Read],

App_log: ["ReadWrite"]

}

})

>db.adduser ({User: ' app ', pwd: ' 1q2w3e4r ', roles:[' ReadWrite ']}) #对所在数据库有读写权限

3, view the user

> Db.system.users.find ()

{"_id": ObjectId ("528ac7d4bf62beb8249db527"), "user": "App", "pwd": "c5be065694f328e0ac6629e846d32e0f", "Roles": [], " Otherdbroles ": {" app ": [" read "]," App_log ": [" ReadWrite "]}}

The user is the user name, PWD is the password, roles specify the permissions that the user has, otherdbroles refers to the other database, in addition to roles permissions, the format is a dictionary.

The following is a description of the permissions in roles:

Read read-only permission for the specified database with the following permissions:

Aggregate,checkshardingindex,clonecollectionascapped,collstats

Count,datasize,dbhash,dbstats,distinct,filemd5

Geonear,geosearch,geowalk,group

MapReduce (inline output only.), text (Beta feature.)

ReadWrite has read-write access to the specified database and has the following permissions in addition to the Read permission:

Clonecollection (as the target database.), converttocapped

Create (and to create collections implicitly.)

Drop (), Dropindexes,emptycapped,ensureindex ()

Findandmodify,mapreduce (output to a collection.)

Renamecollection (within the Mahouve database.)

Read and ReadWrite are just the right to manipulate the tables in the library

Dbadmin Specify the administrative permissions for the database

clean,collmod,collstats,compact,converttocapped

Create,db.createcollection (), Dbstats,drop (), Dropindexes,ensureindex ()

Indexstats,profile,reindex,renamecollection (within a single database), validate

Useradmin user admin permissions for the specified database

Clusteradmin Cluster management rights (replica set, fragmentation, master-slave and other related management)

Addshard,closealldatabases,connpoolstats,connpoolsync,_cpuprofilerstart

_cpuprofilerstop,cursorinfo,diaglogging,dropdatabase

Enablesharding,flushrouterconfig,fsync,db.fsyncunlock ()

Getcmdlineopts,getlog,getparameter,getshardmap,getshardversion

Hostinfo,db.currentop (), Db.killop (), listdatabases,listshards

Logrotate,movechunk,moveprimary,netstat,removeshard,unsetsharding

Repairdatabase,replsetfreeze,replsetgetstatus,replsetinitiate

Replsetmaintenance,replsetreconfig,replsetstepdown,replsetsyncfrom

Resync,serverstatus,setparameter,setshardversion,shardcollection

Shardingstate,shutdown,splitchunk,splitvector,split,top,touch

Readanydatabase read-only permission for any database (similar to read)

Readwriteanydatabase Read and write access to any database (similar to ReadWrite)

Useradminanydatabase the administrative rights of any database user (similar to useradmin)

Dbadminanydatabase administrative permissions on any database (Dbadmin similar)

You can refer to the official documents in detail: http://docs.mongodb.org/manual/reference/method/db.addUser/

This article is from the "Wang Wei" blog, please be sure to keep this source http://wangwei007.blog.51cto.com/68019/1328186