標籤:
環境
MongoDB shell version: 3.2.6
Win 7
設定方法使用者權限設定
從3.0 版本起,預設只有 local
庫,沒有admin
庫,需要我們自己來建立。
- 3、添加使用者,指定使用者的角色和資料庫:
db.createUser( { user: "admin", customData:{description:"superuser"}, pwd: "admin", roles: [ { role: "userAdminAnyDatabase", db: "admin" } ] } ) user欄位,為新使用者的名字;pwd欄位,使用者的密碼;cusomData欄位,為任意內容,例如可以為使用者全名介紹;roles欄位,指定使用者的角色,可以用一個空數組給新使用者設定空角色。在roles欄位,可以指定內建角色和使用者定義的角色。
4、查看建立的使用者 : show users
或 db.system.users.find()
5、啟用使用者權限:
修改設定檔,增加配置:
security: authorization: enabled
重新啟動mongodb
net stop mongodb;net start mongodb;
啟用使用者驗證後,再次登入mongo shell ,執行 show dbs
等命令會提示“沒有許可權”。此時,需要使用者驗證登入。
db.auth("admin","admin")
其他內建的角色
- 資料庫使用者角色:read、readWrite;
- 資料庫管理角色:dbAdmin、dbOwner、userAdmin;
- 叢集管理角色:clusterAdmin、clusterManager、clusterMonitor、hostManager;
- 備份恢複角色:backup、restore;
- 所有資料庫角色:readAnyDatabase、readWriteAnyDatabase、userAdminAnyDatabase、dbAdminAnyDatabase
- 超級使用者角色:root
- // 這裡還有幾個角色間接或直接提供了系統超級使用者的訪問(dbOwner 、userAdmin、userAdminAnyDatabase)
- 內部角色:__system
官方詳情角色說明 –> 傳送門
設定檔樣本
官方詳解 –> 傳送門
#此處為設定檔可配置的內容#Mongod config file #MongoDB configuration files use the YAML format.#The following example configuration file contains several mongod settings.#########Example Start#########systemLog:# destination: file# path: "/var/log/mongodb/mongodb.log"# logAppend: true#storage:# journal:# enabled: true#processManagement:# fork: true#net:# bindIp: 127.0.0.1# port: 27017#setParameter:# enableLocalhostAuthBypass: false#########Example End#################Core OptionssystemLog:# verbosity: 0 #Default: 0; 1 to 5 increases the verbosity level to include Debug messages.# quiet: <boolean># traceAllException: <boolean># syslogFacility: user path: "/usr/local/mongodb/log/mongod.log" logAppend: true# logRotate: <string> #rename or reopen destination: file# timeStampFormat: iso8601-local# component:# accessControl:# verbosity: 0# command:# verbosity: 0# # COMMENT additional component verbosity settings omitted for brevity# storage:# verbosity: 0# journal:# verbosity: <int># write:# verbosity: 0##########ProcessManagement OptionsprocessManagement: fork: true pidFilePath: "/usr/local/mongodb/log/mongod.pid"###########Net Optionsnet: port: 27017# bindIp: <string> #Default All interfaces.# maxIncomingConnections: 65536# wireObjectCheck: true# ipv6: false# unixDomainSocket:# enabled: true# pathPrefix: "/tmp"# filePermissions: 0700# http:# enabled: false# JSONPEnabled: false# RESTInterfaceEnabled: false# ssl:# sslOnNormalPorts: <boolean> # deprecated since 2.6# mode: <string># PEMKeyFile: <string># PEMKeyPassword: <string># clusterFile: <string># clusterPassword: <string># CAFile: <string># CRLFile: <string># allowConnectionsWithoutCertificates: <boolean># allowInvalidCertificates: <boolean># allowInvalidHostnames: false# FIPSMode: <boolean>##########security Options#security:# keyFile: <string># clusterAuthMode: keyFile# authorization: disable# javascriptEnabled: true########security.sasl Options# sasl:# hostName: <string># serviceName: <string># saslauthdSocketPath: <string>###########setParameter OptionsetParameter: enableLocalhostAuthBypass: false# <parameter1>: <value1># <parameter2>: <value2>###########storage Optionsstorage: dbPath: "/data/db"# indexBuildRetry: true# repairPath: "/data/db/_tmp"# journal:# enabled: true# directoryPerDB: false# syncPeriodSecs: 60 engine: "mmapv1" #Valid options include mmapv1 and wiredTiger.#########storage.mmapv1 Options# mmapv1:# preallocDataFiles: true# nsSize: 16# quota:# enforced: false# maxFilesPerDB: 8# smallFiles: false# journal:# debugFlags: <int># commitIntervalMs: 100 # 100 or 30#########storage.wiredTiger Options# wiredTiger:# engineConfig:# cacheSizeGB: <number> #Default: the maximum of half of physical RAM or 1 gigabyte# statisticsLogDelaySecs: 0# journalCompressor: "snappy"# directoryForIndexes: false# collectionConfig:# blockCompressor: "snappy"# indexConfig:# prefixCompression: true############operationProfiling Options#operationProfiling:# slowOpThresholdMs: 100# mode: "off"############replication Options#replication:# oplogSizeMB: <int># replSetName: <string># secondaryIndexPrefetch: all############sharding Options#sharding:# clusterRole: <string> #configsvr or shardsvr# archiveMovedChunks: True###########auditLog Options#auditLog:# destination: <string> #syslog/console/file# format: <string> #JSON/BSON# path: <string># filter: <string>###########snmp Options#snmp:# subagent: <boolean># master: <boolean>##########mongos-only Options#replication:# localPingThresholdMs: 15##sharding:# autoSplit: true# configDB: <string># chunkSize: 64##########Windows Service Options#processManagement:# windowsService:# serviceName: <string># displayName: <string># description: <string># serviceUser: <string># servicePassword: <string>
mongodb 3.2 使用者權限管理配置