User management summary of mongodb

The basic chapter （ Can solve the problem of 80% The problem of ）:

1. MongoDB Overview 、 Application scenarios 、 Download mode 、 Connection mode and development history, etc

2. MongoDB data type 、 Key concepts and shell Commonly used instructions

3. MongoDB Various additions to documents 、 to update 、 Delete operation summary

4. MongoDB Summary of various query operations

5. MongoDB Summarize the various operations of the column

6. MongoDB Summary of index operations in

Advanced :

7. MongoDB Summary of aggregation operations

8. MongoDB Import and export of 、 Backup recovery summary

9. MongoDB Summary of user management

10. MongoDB Copy （ Replica set ） summary

11. MongoDB Slice summary

12. MongoDB meet spark（ Integration ）

13. MongoDB Internal storage principle

Other :

14. python3 operation MongoDB Various cases of

15. MongoDB Command summary

One . mongodb user

1.1 User management interface

To add users , You can use MongoDB Provided db.createUser() Method . When adding users , Users can be assigned roles to grant permissions .

Be careful ： The first user created in the database should be a user administrator with the authority to manage other users .

You can also update existing users , For example, changing passwords and granting or revoking roles .

1.2 Verify database

When adding users , You can create users in a specific database . The database is the database of user authentication .

Users can have permissions across different databases ; That is, the user's authority is not limited to the authentication database . By assigning user roles to other databases , Users created in one database can have operation permissions on other databases .

The user name and authentication database are used as the unique identifier of the user . in other words , If two users have the same name , But create... In a different database , They are two different users . If you plan to have a single user with multiple database permissions , Create a single user with a role in the applicable database , Instead of creating users multiple times in different databases .

1.3 Authenticated user

To authenticate users , You can also connect to mongod or mongos Use the command line authentication option when instantiating ( for example ：-u,-p,–authenticationDatabase) First connect to mongod or mongos example , Then run against the authentication database authenticate Order or db.auth() Method .

To authenticate , The client must authenticate the user's authentication database .
for example , If you use mongo shell As a client , You can use –authenticationDatabase Option to specify the authentication database for the user .

Two 、 Configure account and password

2.1 Open authentication

MongoDB After the default installation , Only local connections are allowed , At the same time, you can connect directly without using any account and password MongoDB, In this way, it is easy to be hacked , Let's pay some bitcoin , So in order to avoid these unnecessary troubles , So we need to give Mongo Set an account password ;

2.2 Create administrator user

> use admin
switched to db admin
> db.createUser({
    user:"admin",pwd:"password",roles:["root"]})
Successfully added user: {
     "user" : "admin", "roles" : [ "root" ] }

2.3 Authentication login

> db.auth("admin", "password")

2.4 MongoDB role type

Database user role （Database User Roles）
　　　　read： grant User Access to read-only data
　　　　readWrite： grant User Access to read and write data

Database management role （Database Administration Roles）：
　　　　dbAdmin： At present dB To perform management operations
　　　　dbOwner： At present DB Arbitrary operation in
　　　　userAdmin： At present DB In the management User

Backup and restore roles （Backup and Restoration Roles）：
　　　　backup
　　　　restore

Cross library roles （All-Database Roles）：
　　　　readAnyDatabase： Grant permission to read data on all databases
　　　　readWriteAnyDatabase： Grant permission to read and write data on all databases
　　　　userAdminAnyDatabase： Grant administration on all databases User Authority
　　　　dbAdminAnyDatabase： Grant permission to manage all databases

The role of cluster management （Cluster Administration Roles）：
　　　　clusterAdmin： Grant the highest authority to manage the cluster
　　　　clusterManager： Grant authority to manage and monitor clusters ,A user with this role can access the config and local databases, which are used in sharding and replication, respectively.
　　　　clusterMonitor： Grant monitoring cluster permission , The monitoring tool has readonly Authority
　　　　hostManager： management Server

2.5 Add database users

> use flowpp
switched to db flowpp
> db.createUser({
    user: "flowpp", pwd: "flopww", roles: [{
     role: "dbOwner", db: "flowpp" }]})   #  Create user flowpp, Set the password flopww, Set up characters dbOwner

2.6 View system users

> use admin
switched to db admin
> db.system.users.find()  #  Display the current system user 
{
     "_id" : "admin.admin", "user" : "admin", "db" : "admin", "credentials" : {
     "SCRAM-SHA-1" : {
     "iterationCount" : 10000, "salt" : "9jXmylyRAK22TZmzv1Thig==", "storedKey" : "z76cVrBjX/CTFmn5RujtU+dz7Nw=", "serverKey" : "JQGonM84iDMI1nIXW7FdyOE55ig=" } }, "roles" : [ {
     "role" : "root", "db" : "admin" } ] }
{
     "_id" : "flowpp.flowpp", "user" : "flowpp", "db" : "flowpp", "credentials" : {
     "SCRAM-SHA-1" : {
     "iterationCount" : 10000, "salt" : "KvocqWZA9E2tXBHpKpdAeQ==", "storedKey" : "50Kxc3LEgCSVN1z16S8g4A6jVp8=", "serverKey" : "0RSnsxd/7Yzmqro/YOHf/kfbHCk=" } }, "roles" : [ {
     "role" : "dbOwner", "db" : "flowpp" } ] }

2.7 Delete user

#  When deleting a user, you need to switch to the database managed by the user before deleting ;
1. Switch admin , Delete user flowpp , Delete failed > use admin
switched to db admin
> db.dropUser("flowpp")
false2. Switch flowpp , Delete user flowpp, Delete successful 
> use flowpp
switched to db flowpp
> db.dropUser("flowpp")
true