您好,登錄后才能下訂單哦!
這篇文章主要介紹了mongodb基礎(chǔ)之用戶權(quán)限管理的示例分析,具有一定借鑒價(jià)值,感興趣的朋友可以參考下,希望大家閱讀完這篇文章之后大有收獲,下面讓小編帶著大家一起了解一下。
啟動(dòng)mongodb并連接
./bin/mongod -f conf/mongod.conf ./bin/mongo 127.0.0.1:12345
查看默認(rèn)的數(shù)據(jù)庫(kù)情況
> show dbs admin 0.000GB local 0.000GB > use admin switched to db admin > show tables system.version
可以看到,目前數(shù)據(jù)庫(kù)里除了一些基本信息,什么都沒有
在創(chuàng)建設(shè)置用戶權(quán)限之前,先了解一下文檔知識(shí)
創(chuàng)建用戶
# demo db.createUser( { user: "reportsUser", pwd: "12345678", roles: [ { role: "read", db: "reporting" }, { role: "read", db: "products" }, { role: "read", db: "sales" }, { role: "readWrite", db: "accounts" } ] } )
數(shù)據(jù)庫(kù)內(nèi)建角色
數(shù)據(jù)庫(kù)用戶角色
read (讀取指定數(shù)據(jù)庫(kù))
readWrite (讀寫指定數(shù)據(jù)庫(kù))
數(shù)據(jù)庫(kù)管理角色
dbAdmin (數(shù)據(jù)庫(kù)管理員)
dbOwner (數(shù)據(jù)庫(kù)所有者,合并了 readWrite, dbAdmin and userAdmin roles.)
userAdmin (用戶管理員,可以找指定數(shù)據(jù)庫(kù)里創(chuàng)建、刪除和管理用戶)
集群管理角色
clusterAdmin (集群管理員)
clusterManager (集群管理者)
clusterMonitor (集合監(jiān)視者)
hostManager (主機(jī)管理者)
備份恢復(fù)角色
backup (備份)
restore (還原)
所有數(shù)據(jù)庫(kù)角色
readAnyDatabase (讀任何數(shù)據(jù)庫(kù))
readWriteAnyDatabase (讀寫任何數(shù)據(jù)庫(kù))
userAdminAnyDatabase (用戶管理任何數(shù)據(jù)庫(kù))
dbAdminAnyDatabase (任意數(shù)據(jù)庫(kù)管理員)
超級(jí)用戶角色
root
內(nèi)部角色
__system
有了創(chuàng)建語(yǔ)法,和參數(shù)說(shuō)明,接下來(lái)開始實(shí)踐.
注意,還有一點(diǎn),賬號(hào)是跟著數(shù)據(jù)庫(kù)綁定的,在那個(gè)庫(kù)里授權(quán),就在那個(gè)庫(kù)里驗(yàn)證(auth)
否則會(huì)失敗
創(chuàng)建 賬號(hào)管理授權(quán)權(quán)限 的賬號(hào)
> db.createUser( ... { ... user: 'admin', ... pwd: '123456', ... roles: [{role: 'userAdminAnyDatabase', db: 'admin'}] ... } ... ) Successfully added user: { "user" : "admin", "roles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" } ] }
然后退出數(shù)據(jù)庫(kù)
> use admin switched to db admin > db.shutdownServer()
重新啟動(dòng)mongodb,記得在配置文件mongod.conf里加上 auth = true
./bin/mongod -f conf/mongod.conf ./bin/mongo 127.0.0.1:12345 > show dbs # 沒有驗(yàn)證,沒有權(quán)限,會(huì)出錯(cuò) "errmsg" : "not authorized on admin to execute command > use admin > db.auth('admin', '123456') 1 # 返回 1 表示授權(quán)成功,0表示失敗 > show dbs #已經(jīng)授權(quán),可以查看了
創(chuàng)建 讀、讀寫權(quán)限的賬戶
> use book switched to db book > db.createUser( ... { ... user: 'zhangsan', ... pwd: 'zhangsan', ... roles: [{role: 'read', db: 'book'}] ... } ... ) Successfully added user: { "user" : "zhangsan", "roles" : [ { "role" : "read", "db" : "book" } ] } > db.createUser( ... { ... user: 'lisi', ... pwd: 'lisi', ... roles: [{role: 'readWrite', db: 'book'}] ... } ... ) Successfully added user: { "user" : "lisi", "roles" : [ { "role" : "readWrite", "db" : "book" } ] } > show users { "_id" : "book.lisi", "user" : "lisi", "db" : "book", "roles" : [ { "role" : "readWrite", "db" : "book" } ] } { "_id" : "book.zhangsan", "user" : "zhangsan", "db" : "book", "roles" : [ { "role" : "read", "db" : "book" } ] }
然后驗(yàn)證用戶權(quán)限是否正確
> db.book.insert({book: '小人書'}) # 沒驗(yàn)證,會(huì)出錯(cuò) WriteResult({ "writeError" : { "code" : 13, "errmsg" : "not authorized on book to execute command { insert: \"book\", docum ents: [ { _id: ObjectId('5959b56edcc047dfe5c9b336'), book: \"小人書\" } ], ordered: true }" } }) > db.auth('lisi', 'lisi') 1 > db.book.insert({book: '小人書'}) WriteResult({ "nInserted" : 1 }) > db.auth('zhangsan', 'zhangsan') # 用戶切到 zhangsan 1 > db.book.find() # 可以查看 { "_id" : ObjectId("5959b59fdcc047dfe5c9b337"), "book" : "小人書" } > db.book.insert({book: '擇天記'}) # 沒有write權(quán)限,會(huì)失敗 WriteResult({ "writeError" : { "code" : 13, "errmsg" : "not authorized on book to execute command { insert: \"book\", docum ents: [ { _id: ObjectId('5959b650dcc047dfe5c9b338'), book: \"擇天記\" } ], ordered: true }" } })
創(chuàng)建 root 超級(jí)權(quán)限賬號(hào)
這個(gè)超級(jí)權(quán)限包括 授權(quán) 和 操控?cái)?shù)據(jù)庫(kù)集合數(shù)據(jù),比較簡(jiǎn)單,只需要把role設(shè)置成 root
> use admin switched to db admin > db.auth('admin', '123456') 1 > db.createUser( ... { ... user: 'dongsheng', ... pwd: '123456', ... roles: [{role: 'root', db: 'admin'}] ... } ... ) Successfully added user: { "user" : "dongsheng", "roles" : [ { "role" : "root", "db" : "admin" } ] } > db.auth('dongsheng', '123456') 1 > use book switched to db book > db.book.insert({book: '笑傲江湖'}) WriteResult({ "nInserted" : 1 }) > db.book.find() { "_id" : ObjectId("5959b59fdcc047dfe5c9b337"), "book" : "小人書" } { "_id" : ObjectId("5959b7abdcc047dfe5c9b339"), "book" : "笑傲江湖" }
感謝你能夠認(rèn)真閱讀完這篇文章,希望小編分享的“mongodb基礎(chǔ)之用戶權(quán)限管理的示例分析”這篇文章對(duì)大家有幫助,同時(shí)也希望大家多多支持億速云,關(guān)注億速云行業(yè)資訊頻道,更多相關(guān)知識(shí)等著你來(lái)學(xué)習(xí)!
免責(zé)聲明:本站發(fā)布的內(nèi)容(圖片、視頻和文字)以原創(chuàng)、轉(zhuǎn)載和分享為主,文章觀點(diǎn)不代表本網(wǎng)站立場(chǎng),如果涉及侵權(quán)請(qǐng)聯(lián)系站長(zhǎng)郵箱:is@yisu.com進(jìn)行舉報(bào),并提供相關(guān)證據(jù),一經(jīng)查實(shí),將立刻刪除涉嫌侵權(quán)內(nèi)容。