This article shows how to create MongoDB users and roles and how to use them. It is kept short and easy to follow.
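I. MongoDB built-in roles
1. Database user roles
read -- permission to read database objects
readWrite -- permission to read and modify database objects
2. Database administration roles
dbAdmin -- role for performing administrative tasks
dbOwner -- database owner; can perform every operation on the database
userAdmin -- can create and modify roles and users on the current database
3. Cluster administration roles
clusterAdmin -- cluster administrator
clusterManager -- manages and monitors the cluster
clusterMonitor -- monitors the cluster with read-only access
hostManager -- monitors and manages servers
4. Backup and restore roles
backup -- minimum privileges needed to back up data
restore -- privileges needed to restore data
5. All-database roles
readAnyDatabase -- read-only access to all databases
readWriteAnyDatabase -- read and write access to all databases
userAdminAnyDatabase -- the same user administration access on all databases except local
dbAdminAnyDatabase -- the same privileges on all databases except local
6. Superuser role
root -- provides all the resources of readWriteAnyDatabase, dbAdminAnyDatabase, userAdminAnyDatabase, clusterAdmin, restore, backup
7. Internal role
__system -- permission to take any action against any object in the database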
II. Custom roles
1. Custom role format

    {
      role: "<name>",
      privileges: [
        { resource: { <resource> }, actions: [ "<action>", ... ] },
        ...
      ],
      roles: [
        { role: "<role>", db: "<database>" } | "<role>",
        ...
      ],
      authenticationRestrictions: [
        {
          clientSource: ["<IP>" | "<CIDR range>", ...],
          serverAddress: ["<IP>" | "<CIDR range>", ...]
        },
        ...
      ]
    }

2. Creating a custom role (find, insert, update and remove on every collection in the config database; update, insert and remove on the usersCollection collection in the users database; find on all databases)

    > use admin
    switched to db admin
    > db.createRole(
       {
         role: "wuhan123",    // role name
         privileges: [
           { resource: { db: "config", collection: "" }, actions: [ "find", "update", "insert", "remove" ] },
           { resource: { db: "users", collection: "usersCollection" }, actions: [ "update", "insert", "remove" ] },
           { resource: { db: "", collection: "" }, actions: [ "find" ] }
         ],
         roles: [
           { role: "read", db: "admin" }
         ]
       }
    )

3. Listing and dropping roles

    > db.getRole("wuhan123")    // show a single role (wuhan123 is the role name)
    {
      "role" : "wuhan123",
      "db" : "admin",
      "isBuiltin" : false,
      "roles" : [ { "role" : "read", "db" : "admin" } ],
      "inheritedRoles" : [ { "role" : "read", "db" : "admin" } ]
    }
    > db.getRoles()    // show all roles in the current database
    [
      {
        "role" : "wuhan123",
        "db" : "admin",
        "isBuiltin" : false,
        "roles" : [ { "role" : "read", "db" : "admin" } ],
        "inheritedRoles" : [ { "role" : "read", "db" : "admin" } ]
      }
    ]
    > db.dropRole("wuhan123");    // drop a role
    true
    > db.dropAllRoles();    // drop all roles
    NumberLong(1)

III. Creating users and assigning roles
1. User creation format

    {
      user: "<name>",
      pwd: "<cleartext password>",
      customData: { <any information> },
      roles: [
        { role: "<role>", db: "<database>" } | "<role>",
        ...
      ],
      authenticationRestrictions: [
        {
          clientSource: ["<IP>" | "<CIDR range>", ...],
          serverAddress: ["<IP>" | "<CIDR range>", ...]
        },
        ...
      ],
      mechanisms: [ "<SCRAM-SHA-1|SCRAM-SHA-256>", ... ],
      passwordDigestor: "<server|client>"
    }

2. Creating a user with roles

    > use tong    // switch to the database
    switched to db tong
    > db.createUser(
    ...   {
    ...     user: "u_tong",                      // user name
    ...     pwd: "system123",                    // password
    ...     roles: [ "readWrite", "dbAdmin" ]    // roles from this database
    ...   }
    ... )
    Successfully added user: { "user" : "u_tong", "roles" : [ "readWrite", "dbAdmin" ] }

2. Creating a user restricted to a source IP and a destination IP

    > use tong
    switched to db tong
    > db.createUser(
       {
         user: "u1_tong",                                // user name
         pwd: "system123",                               // password
         roles: [ { role: "readWrite", db: "tong" } ],   // roles
         authenticationRestrictions: [ {
            clientSource: ["192.168.1.10"],              // client IP
            serverAddress: ["192.168.1.20"]              // server IP
         } ]
       }
    )

3. Viewing and dropping users

    > db.getUsers();    // list all users in the current database
    [
      {
        "_id" : "tong.u1_tong",
        "user" : "u1_tong",
        "db" : "tong",
        "roles" : [ { "role" : "readWrite", "db" : "tong" } ],
        "mechanisms" : [ "SCRAM-SHA-1", "SCRAM-SHA-256" ]
      },
      {
        "_id" : "tong.u_tong",
        "user" : "u_tong",
        "db" : "tong",
        "roles" : [ { "role" : "readWrite", "db" : "tong" }, { "role" : "dbAdmin", "db" : "tong" } ],
        "mechanisms" : [ "SCRAM-SHA-1", "SCRAM-SHA-256" ]
      }
    ]
    > db.getUser("u_tong");    // show one user
    {
      "_id" : "tong.u_tong",
      "user" : "u_tong",
      "db" : "tong",
      "roles" : [ { "role" : "readWrite", "db" : "tong" }, { "role" : "dbAdmin", "db" : "tong" } ],
      "mechanisms" : [ "SCRAM-SHA-1", "SCRAM-SHA-256" ]
    }
    > db.dropUser("u_tong");    // drop a single user
    true
    > db.dropAllUsers();    // drop all users in the current database
    NumberLong(1)

4. Granting roles to a user

    > db.grantRolesToUser(
        "u_tong",
        [ "readWrite", { role: "read", db: "tong" } ]
    )

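The user and role documents shown above can be reviewed mechanically before they go into production. The following is an added example, not code from the original article: a Node.js sketch that flags broad built-in roles, users without `authenticationRestrictions`, SCRAM-SHA-1, and custom-role privileges that use an empty `db` or `collection` as a wildcard. The sample documents are constructed from the u_tong, u1_tong and wuhan123 examples (u1_tong limited to SCRAM-SHA-256 is an assumption), and the `BROAD_ROLES` selection is this example's own choice.

```javascript
// Added example: audit documents shaped like db.getUsers() / db.getRole() output.
// Built-in roles this example treats as broad (its own choice from the list above);
// userAdmin is included because its holder can grant roles to itself.
const BROAD_ROLES = new Set(["root", "__system", "dbOwner", "userAdmin",
  "userAdminAnyDatabase", "readWriteAnyDatabase", "dbAdminAnyDatabase", "clusterAdmin"]);

function auditUser(user) {
  const findings = [];
  for (const r of user.roles || []) {
    if (BROAD_ROLES.has(r.role)) findings.push(`broad role ${r.role}@${r.db}`);
  }
  // Not part of the default getUsers() output; request it explicitly before auditing.
  if (!(user.authenticationRestrictions || []).length) {
    findings.push("no clientSource/serverAddress restriction");
  }
  if ((user.mechanisms || []).includes("SCRAM-SHA-1")) {
    findings.push("SCRAM-SHA-1 enabled");
  }
  return findings;
}

function auditRole(role) {
  const findings = [];
  for (const p of role.privileges || []) {
    const { db, collection } = p.resource;
    const writes = p.actions.filter((a) => a !== "find");
    if (db === "") {
      findings.push(`[${p.actions}] granted across all databases`);
    } else if (collection === "" && writes.length) {
      findings.push(`[${writes}] granted on every collection in ${db}`);
    }
  }
  return findings;
}

// Constructed sample data, modelled on the u_tong, u1_tong and wuhan123 examples.
const users = [
  { user: "u_tong", db: "tong", mechanisms: ["SCRAM-SHA-1", "SCRAM-SHA-256"],
    roles: [{ role: "readWrite", db: "tong" }, { role: "dbAdmin", db: "tong" }] },
  { user: "u1_tong", db: "tong", mechanisms: ["SCRAM-SHA-256"],
    roles: [{ role: "readWrite", db: "tong" }],
    authenticationRestrictions: [{ clientSource: ["192.168.1.10"], serverAddress: ["192.168.1.20"] }] },
];
const wuhan123 = { role: "wuhan123", db: "admin", privileges: [
  { resource: { db: "config", collection: "" }, actions: ["find", "update", "insert", "remove"] },
  { resource: { db: "users", collection: "usersCollection" }, actions: ["update", "insert", "remove"] },
  { resource: { db: "", collection: "" }, actions: ["find"] } ] };

for (const u of users) console.log(u.user, auditUser(u));
console.log(wuhan123.role, auditRole(wuhan123));
```

To feed it real data, fetch users with `showAuthenticationRestrictions: true` and roles with `showPrivileges: true`, since neither field appears in the default output shown above.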