MongoDB 3.2 User Permission Management Configuration


Environment

MongoDB shell version: 3.2.6

Win 7

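Configuration method

User permission settings
  • 1. Enter the MongoDB shell: mongo

  • 2. Switch to the admin database: use admin

Starting with version 3.0, only the local database exists by default; there is no admin database, so we have to create it ourselves.

  • 3. Add a user, specifying the user's roles and database:

        db.createUser(
          {
            user: "admin",
            customData: { description: "superuser" },
            pwd: "admin",   // sample value used in this walkthrough; pick a strong password in practice
            roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
          }
        )

    The user field is the new user's name; the pwd field is the user's password; the customData field holds arbitrary content, for example a description of the user's full name; the roles field specifies the user's roles, and an empty array can be used to give the new user no roles. The roles field accepts both built-in roles and user-defined roles.
  • 4. View the created users: show users or db.system.users.find()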

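  • 5. Enable user authorization:

Edit the configuration file and add:

    security:
      authorization: enabled

Restart MongoDB:

    net stop mongodb
    net start mongodb

  • 6. Authenticate as the user:

After authorization is enabled, log in to the mongo shell again; commands such as show dbs will now report "no permission". At this point you need to authenticate as a user.

    // the user was created in the admin database (step 2), so authenticate there
    use admin
    db.auth("admin", "admin")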
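Other built-in roles
  1. Database user roles: read, readWrite;
  2. Database administration roles: dbAdmin, dbOwner, userAdmin;
  3. Cluster administration roles: clusterAdmin, clusterManager, clusterMonitor, hostManager;
  4. Backup and restore roles: backup, restore;
  5. All-database roles: readAnyDatabase, readWriteAnyDatabase, userAdminAnyDatabase, dbAdminAnyDatabase
  6. Superuser role: root
  7. // Several other roles also provide system superuser access, directly or indirectly (dbOwner, userAdmin, userAdminAnyDatabase)
  8. Internal role: __system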

Official detailed role reference –> link
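Item 7 above notes that some roles give superuser access indirectly. The following added example (not from the original page) audits user documents for such grants and follows user-defined role inheritance. The sample users, the custom roles opsLead and helpdesk, and the function names are assumptions made for illustration; the admin-scope condition for dbOwner and userAdmin follows MongoDB's role documentation.

```javascript
// Added example (not from the original page). Sample documents are constructed
// and follow the shape of admin.system.users / admin.system.roles entries.
var ALWAYS_SUPER = ["root", "__system", "userAdminAnyDatabase"];
// Per MongoDB's role documentation, these can grant themselves any privilege
// when scoped to the admin database.
var SUPER_ON_ADMIN = ["dbOwner", "userAdmin"];

// Expand granted roles through user-defined role inheritance (cycle-safe).
function effectiveRoles(grants, customRoles) {
  var seen = {}, queue = grants.slice(), result = [];
  while (queue.length) {
    var r = queue.shift(), id = r.db + "." + r.role;
    if (seen[id]) { continue; }
    seen[id] = true;
    result.push(r);
    customRoles.forEach(function (c) {
      if (c.db === r.db && c.role === r.role) { queue = queue.concat(c.roles || []); }
    });
  }
  return result;
}

function isSuperuserRole(r) {
  return ALWAYS_SUPER.indexOf(r.role) !== -1 ||
    (SUPER_ON_ADMIN.indexOf(r.role) !== -1 && r.db === "admin");
}

function auditUsers(userDocs, customRoles) {
  return userDocs.map(function (u) {
    var via = effectiveRoles(u.roles || [], customRoles).filter(isSuperuserRole)
      .map(function (r) { return r.role + "@" + r.db; });
    return { user: u.user + "@" + u.db, via: via };
  }).filter(function (entry) { return entry.via.length > 0; });
}

var customRoles = [ // constructed user-defined roles
  { role: "opsLead", db: "admin", roles: [{ role: "clusterMonitor", db: "admin" }, { role: "helpdesk", db: "admin" }] },
  { role: "helpdesk", db: "admin", roles: [{ role: "userAdmin", db: "admin" }] }
];
var sampleUsers = [ // constructed; "admin" is the user created in step 3
  { user: "admin", db: "admin", roles: [{ role: "userAdminAnyDatabase", db: "admin" }] },
  { user: "app", db: "shop", roles: [{ role: "readWrite", db: "shop" }] },
  { user: "dba", db: "shop", roles: [{ role: "dbOwner", db: "shop" }] },
  { user: "ops", db: "admin", roles: [{ role: "opsLead", db: "admin" }] }
];
var out = typeof print === "function" ? print : console.log; // mongo shell or Node.js
auditUsers(sampleUsers, customRoles).forEach(function (f) {
  out(f.user + " -> " + f.via.join(", "));
});
```

In the mongo shell, the same functions can be fed db.getSiblingDB("admin").system.users.find().toArray() and db.getSiblingDB("admin").system.roles.find().toArray() instead of the constructed samples.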

Sample configuration file

Official reference –> link

    #Contents that can be configured in the configuration file
    #Mongod config file
    #MongoDB configuration files use the YAML format.
    #The following example configuration file contains several mongod settings.
    #
    ########Example Start########
    #systemLog:
    #   destination: file
    #   path: "/var/log/mongodb/mongodb.log"
    #   logAppend: true
    #storage:
    #   journal:
    #      enabled: true
    #processManagement:
    #   fork: true
    #net:
    #   bindIp: 127.0.0.1
    #   port: 27017
    #setParameter:
    #   enableLocalhostAuthBypass: false
    #
    ########Example End########
    #
    ########Core Options
    systemLog:
    #   verbosity: 0    #Default: 0; 1 to 5 increases the verbosity level to include Debug messages.
    #   quiet: <boolean>
    #   traceAllException: <boolean>
    #   syslogFacility: user
       path: "/usr/local/mongodb/log/mongod.log"
       logAppend: true
    #   logRotate: <string>    #rename or reopen
       destination: file
    #   timeStampFormat: iso8601-local
    #   component:
    #      accessControl:
    #         verbosity: 0
    #      command:
    #         verbosity: 0
    #      # COMMENT additional component verbosity settings omitted for brevity
    #      storage:
    #         verbosity: 0
    #         journal:
    #            verbosity: <int>
    #      write:
    #         verbosity: 0
    #
    ########ProcessManagement Options
    processManagement:
       fork: true
       pidFilePath: "/usr/local/mongodb/log/mongod.pid"
    #
    ########Net Options
    net:
       port: 27017
    #   bindIp: <string>    #Default All interfaces.
    #   maxIncomingConnections: 65536
    #   wireObjectCheck: true
    #   ipv6: false
    #   unixDomainSocket:
    #      enabled: true
    #      pathPrefix: "/tmp"
    #      filePermissions: 0700
    #   http:
    #      enabled: false
    #      JSONPEnabled: false
    #      RESTInterfaceEnabled: false
    #   ssl:
    #      sslOnNormalPorts: <boolean>  # deprecated since 2.6
    #      mode: <string>
    #      PEMKeyFile: <string>
    #      PEMKeyPassword: <string>
    #      clusterFile: <string>
    #      clusterPassword: <string>
    #      CAFile: <string>
    #      CRLFile: <string>
    #      allowConnectionsWithoutCertificates: <boolean>
    #      allowInvalidCertificates: <boolean>
    #      allowInvalidHostnames: false
    #      FIPSMode: <boolean>
    #
    ########security Options
    #security:
    #   keyFile: <string>
    #   clusterAuthMode: keyFile
    #   authorization: disabled
    #   javascriptEnabled:  true
    ########security.sasl Options
    #   sasl:
    #      hostName: <string>
    #      serviceName: <string>
    #      saslauthdSocketPath: <string>
    #
    ########setParameter Options
    setParameter:
       enableLocalhostAuthBypass: false
    #   <parameter1>: <value1>
    #   <parameter2>: <value2>
    #
    ########storage Options
    storage:
       dbPath: "/data/db"
    #   indexBuildRetry: true
    #   repairPath: "/data/db/_tmp"
    #   journal:
    #      enabled: true
    #   directoryPerDB: false
    #   syncPeriodSecs: 60
       engine: "mmapv1"  #Valid options include mmapv1 and wiredTiger.
    ########storage.mmapv1 Options
    #   mmapv1:
    #      preallocDataFiles: true
    #      nsSize: 16
    #      quota:
    #         enforced: false
    #         maxFilesPerDB: 8
    #      smallFiles: false
    #      journal:
    #         debugFlags: <int>
    #         commitIntervalMs: 100   # 100 or 30
    ########storage.wiredTiger Options
    #   wiredTiger:
    #      engineConfig:
    #         cacheSizeGB: <number>  #Default: the maximum of half of physical RAM or 1 gigabyte
    #         statisticsLogDelaySecs: 0
    #         journalCompressor: "snappy"
    #         directoryForIndexes: false
    #      collectionConfig:
    #         blockCompressor: "snappy"
    #      indexConfig:
    #         prefixCompression: true
    #
    ########operationProfiling Options
    #operationProfiling:
    #   slowOpThresholdMs: 100
    #   mode: "off"
    #
    ########replication Options
    #replication:
    #   oplogSizeMB: <int>
    #   replSetName: <string>
    #   secondaryIndexPrefetch: all
    #
    ########sharding Options
    #sharding:
    #   clusterRole: <string>    #configsvr or shardsvr
    #   archiveMovedChunks: True
    #
    ########auditLog Options
    #auditLog:
    #   destination: <string>   #syslog/console/file
    #   format: <string>   #JSON/BSON
    #   path: <string>
    #   filter: <string>
    #
    ########snmp Options
    #snmp:
    #   subagent: <boolean>
    #   master: <boolean>
    #
    ########mongos-only Options
    #replication:
    #   localPingThresholdMs: 15
    #
    #sharding:
    #   autoSplit: true
    #   configDB: <string>
    #   chunkSize: 64
    #
    ########Windows Service Options
    #processManagement:
    #   windowsService:
    #      serviceName: <string>
    #      displayName: <string>
    #      description: <string>
    #      serviceUser: <string>
    #      servicePassword: <string>
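The sample file above leaves its security section commented out, so step 5 still has to be applied to it. This added example (not part of the original page) checks a config for the access-control settings discussed here; the function names and the 127.0.0.1 bind address are assumptions, and the parser covers only the YAML subset this file uses.

```javascript
// Added example (not from the original page). Parses only the YAML subset used
// in the sample file: space-indented "key: value" mappings and "#" comments.
function flattenConfig(text) {
  var settings = {};
  var stack = []; // enclosing mappings as {indent, key}
  text.split(/\r?\n/).forEach(function (raw) {
    var line = raw.replace(/\s+#.*$/, ""); // drop trailing comment
    if (/^\s*(#|$)/.test(line)) { return; } // comment-only or blank line
    var m = /^(\s*)([^:\s][^:]*):\s*(.*)$/.exec(line);
    if (!m) { return; }
    var indent = m[1].length, key = m[2].trim(), value = m[3].trim();
    while (stack.length && stack[stack.length - 1].indent >= indent) { stack.pop(); }
    if (value === "") { stack.push({ indent: indent, key: key }); return; }
    var path = stack.map(function (s) { return s.key; }).concat(key).join(".");
    settings[path] = value.replace(/^"(.*)"$/, "$1");
  });
  return settings;
}

function checkAccessControl(text) {
  var c = flattenConfig(text), findings = [];
  if (c["security.authorization"] !== "enabled") {
    findings.push("security.authorization is not enabled, so users and roles are not enforced");
  }
  if (!c["net.bindIp"]) {
    findings.push("net.bindIp is unset (the sample file notes the default is all interfaces)");
  }
  if (c["setParameter.enableLocalhostAuthBypass"] !== "false") {
    findings.push("setParameter.enableLocalhostAuthBypass is not false");
  }
  return findings;
}

// Constructed input: a few lines of the sample file above, abridged.
var asPublished = [
  "net:",
  "   port: 27017",
  "#   bindIp: <string>    #Default All interfaces.",
  "#security:",
  "#   authorization: disabled",
  "setParameter:",
  "   enableLocalhostAuthBypass: false"
].join("\n");
// Step 5 applied, listener limited to loopback (127.0.0.1 is an assumed value).
var hardened = asPublished.replace("#   bindIp: <string>", "   bindIp: 127.0.0.1")
  .replace("#security:", "security:")
  .replace("#   authorization: disabled", "   authorization: enabled");

console.log(checkAccessControl(asPublished), checkAccessControl(hardened));
```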

 
