当前位置:网站首页>User management summary of mongodb
User management summary of mongodb
2022-07-07 13:12:00 【cui_ yonghua】
The basic chapter ( Can solve the problem of 80% The problem of ):
MongoDB data type 、 Key concepts and shell Commonly used instructions
MongoDB Various additions to documents 、 to update 、 Delete operation summary
Advanced :
Other :
One . mongodb user
1.1 User management interface
To add users , You can use MongoDB Provided db.createUser() Method . When adding users , Users can be assigned roles to grant permissions .
Be careful : The first user created in the database should be a user administrator with the authority to manage other users .
You can also update existing users , For example, changing passwords and granting or revoking roles .
1.2 Verify database
When adding users , You can create users in a specific database . The database is the database of user authentication .
Users can have permissions across different databases ; That is, the user's authority is not limited to the authentication database . By assigning user roles to other databases , Users created in one database can have operation permissions on other databases .
The user name and authentication database are used as the unique identifier of the user . in other words , If two users have the same name , But create... In a different database , They are two different users . If you plan to have a single user with multiple database permissions , Create a single user with a role in the applicable database , Instead of creating users multiple times in different databases .
1.3 Authenticated user
To authenticate users , You can also connect to mongod or mongos Use the command line authentication option when instantiating ( for example :-u,-p,–authenticationDatabase) First connect to mongod or mongos example , Then run against the authentication database authenticate Order or db.auth() Method .
To authenticate , The client must authenticate the user's authentication database .
for example , If you use mongo shell As a client , You can use –authenticationDatabase Option to specify the authentication database for the user .
Two 、 Configure account and password
2.1 Open authentication
MongoDB After the default installation , Only local connections are allowed , At the same time, you can connect directly without using any account and password MongoDB, In this way, it is easy to be hacked , Let's pay some bitcoin , So in order to avoid these unnecessary troubles , So we need to give Mongo Set an account password ;
2.2 Create administrator user
> use admin
switched to db admin
> db.createUser({
user:"admin",pwd:"password",roles:["root"]})
Successfully added user: {
"user" : "admin", "roles" : [ "root" ] }
2.3 Authentication login
> db.auth("admin", "password")
2.4 MongoDB role type
Database user role (Database User Roles)
read
: grant User Access to read-only data
readWrite
: grant User Access to read and write data
Database management role (Database Administration Roles):
dbAdmin
: At present dB To perform management operations
dbOwner
: At present DB Arbitrary operation in
userAdmin
: At present DB In the management User
Backup and restore roles (Backup and Restoration Roles):
backup
restore
Cross library roles (All-Database Roles):
readAnyDatabase
: Grant permission to read data on all databases
readWriteAnyDatabase
: Grant permission to read and write data on all databases
userAdminAnyDatabase
: Grant administration on all databases User Authority
dbAdminAnyDatabase
: Grant permission to manage all databases
The role of cluster management (Cluster Administration Roles):
clusterAdmin
: Grant the highest authority to manage the cluster
clusterManager
: Grant authority to manage and monitor clusters ,A user with this role can access the config and local databases, which are used in sharding and replication, respectively.
clusterMonitor
: Grant monitoring cluster permission , The monitoring tool has readonly Authority
hostManager
: management Server
2.5 Add database users
> use flowpp
switched to db flowpp
> db.createUser({
user: "flowpp", pwd: "flopww", roles: [{
role: "dbOwner", db: "flowpp" }]}) # Create user flowpp, Set the password flopww, Set up characters dbOwner
2.6 View system users
> use admin
switched to db admin
> db.system.users.find() # Display the current system user
{
"_id" : "admin.admin", "user" : "admin", "db" : "admin", "credentials" : {
"SCRAM-SHA-1" : {
"iterationCount" : 10000, "salt" : "9jXmylyRAK22TZmzv1Thig==", "storedKey" : "z76cVrBjX/CTFmn5RujtU+dz7Nw=", "serverKey" : "JQGonM84iDMI1nIXW7FdyOE55ig=" } }, "roles" : [ {
"role" : "root", "db" : "admin" } ] }
{
"_id" : "flowpp.flowpp", "user" : "flowpp", "db" : "flowpp", "credentials" : {
"SCRAM-SHA-1" : {
"iterationCount" : 10000, "salt" : "KvocqWZA9E2tXBHpKpdAeQ==", "storedKey" : "50Kxc3LEgCSVN1z16S8g4A6jVp8=", "serverKey" : "0RSnsxd/7Yzmqro/YOHf/kfbHCk=" } }, "roles" : [ {
"role" : "dbOwner", "db" : "flowpp" } ] }
2.7 Delete user
# When deleting a user, you need to switch to the database managed by the user before deleting ;
1. Switch admin , Delete user flowpp , Delete failed > use admin
switched to db admin
> db.dropUser("flowpp")
false2. Switch flowpp , Delete user flowpp, Delete successful
> use flowpp
switched to db flowpp
> db.dropUser("flowpp")
true
边栏推荐
- regular expression
- MongoDB 分片总结
- .Net下極限生產力之efcore分錶分庫全自動化遷移CodeFirst
- Sample chapter of "uncover the secrets of asp.net core 6 framework" [200 pages /5 chapters]
- 滑轨步进电机调试(全国海洋航行器大赛)(STM32主控)
- ISPRS2021/遥感影像云检测:一种地理信息驱动的方法和一种新的大规模遥感云/雪检测数据集
- 达晨与小米投的凌云光上市:市值153亿 为机器植入眼睛和大脑
- 认养一头牛冲刺A股:拟募资18.5亿 徐晓波持股近40%
- TPG x AIDU|AI领军人才招募计划进行中!
- 日本政企员工喝醉丢失46万信息U盘,公开道歉又透露密码规则
猜你喜欢
Vscode编辑器ESP32头文件波浪线不跳转彻底解决
Go语言学习笔记-结构体(Struct)
Aosikang biological sprint scientific innovation board of Hillhouse Investment: annual revenue of 450million yuan, lost cooperation with kangxinuo
为租客提供帮助
ESP32构解工程添加组件
自定义线程池拒绝策略
Awk of three swordsmen in text processing
ISPRS2021/遥感影像云检测:一种地理信息驱动的方法和一种新的大规模遥感云/雪检测数据集
分布式事务解决方案
Milkdown 控件图标
随机推荐
Query whether a field has an index with MySQL
博文推荐|Apache Pulsar 跨地域复制方案选型实践
JS判断一个对象是否为空
Sed of three swordsmen in text processing
error LNK2019: 无法解析的外部符号
LIS 最长上升子序列问题(动态规划、贪心+二分)
PAcP learning note 1: programming with pcap
如何让electorn打开的新窗口在window任务栏上面
The difference between cache and buffer
ISPRS2021/遥感影像云检测:一种地理信息驱动的方法和一种新的大规模遥感云/雪检测数据集
10 张图打开 CPU 缓存一致性的大门
ESP32 ① 编译环境
TPG x AIDU|AI领军人才招募计划进行中!
Day26 IP query items
Initialization script
Analysis of DHCP dynamic host setting protocol
Unity build error: the name "editorutility" does not exist in the current context
AUTOCAD——大于180度的角度标注、CAD直径符号怎么输入?
【黑马早报】华为辟谣“军师”陈春花;恒驰5预售价17.9万元;周杰伦新专辑MV 3小时播放量破亿;法华寺回应万元月薪招人...
[Presto profile series] timeline use