用户角色
数据库用户角色(Database User Roles)
- read : 授权User只读数据的权限,允许用户读取指定的数据库
- readWrite:授权User读/写数据的权限,允许用户读/写指定的数据库
数据库管理角色(Database Administration Roles)
- dbAdmin:在当前的数据库中执行管理操作,如索引的创建、删除、统计、查看等
- dbOwner:在当前的数据库中执行任意操作,增、删、改、查等
- userAdmin :在当前的数据库中管理User,创建、删除和管理用户。
备份和还原角色(Backup and Restoration Roles)
- backup
- restore
跨库角色(All-Database Roles)
- readAnyDatabase:授权在所有的数据库上读取数据的权限,只在admin 中可用
- readWriteAnyDatabase:授权在所有的数据库上读写数据的权限,只在admin 中可用
- userAdminAnyDatabase:授权在所有的数据库上管理User的权限,只在admin中可用
- dbAdminAnyDatabase: 授权管理所有数据库的权限,只在admin 中可用
集群管理角色(Cluster Administration Roles)
- clusterAdmin:授权管理集群的最高权限,只在admin中可用
- clusterManager:授权管理和监控集群的权限
- clusterMonitor:授权监控集群的权限,对监控工具具有readonly的权限
- hostManager:管理server
超级用户角色(Superuser Roles)
- root :超级账户和权限,只在admin中可用
参考链接:官方链接
用户创建
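确保配置文件开启安全认证功能(修改配置后需重启 mongod 才会生效)。注意:开启认证后如果实例中还没有任何用户,只能依靠 localhost exception 从本机连接,并且只允许在 admin 库中创建第一个用户,因此应先创建下文的管理用户,再创建普通用户。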
cat /mongodb/conf/mongodb.conf
....
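security:
  # Turns on role-based access control: clients must authenticate and are limited
  # to the roles granted to them. "authorization" must be nested under "security"
  # (indented) for the setting to be read; restart mongod after editing this file.
  authorization: enabled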
....
创建用户语法
// Syntax template: the <...> items are placeholders, not literal values.
db.createUser(
  {
    user: "<name>",
    // The password is written in clear text here, so it can be exposed in terminal
    // scrollback or in any script that carries this command. mongo shell 4.2+ also
    // accepts pwd: passwordPrompt() to read it interactively instead.
    pwd: "<cleartext password>",
    // Each entry is either a { role, db } document or a bare role name
    // (a bare name refers to a role in the database the command is run in).
    roles: [
      { role: "<role>",
        db: "<database>" } | "<role>",
      ...
    ]
  }
)
创建普通用户
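// Create a user whose access is limited to a single database.
// ("#" does not start a comment in the mongo shell, so notes here use "//".)
// The database selected with `use` becomes this user's authentication database.
use test
db.createUser(
  {
    user: "usertest",
    // Sample password from this walkthrough; choose a strong, unique value in real use.
    pwd: "user123",
    // Least privilege: read-only, and only on the "test" database.
    roles: [ { role: "read", db: "test" } ]
  }
)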
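// Create a user with roles on more than one database:
// read/write on "app", read-only on "test".
// ("#" does not start a comment in the mongo shell, so notes here use "//".)
use app
db.createUser(
  {
    user: "app03",
    // NOTE(review): the sample password is identical to the user name, which is
    // trivially guessable; choose a strong, unique value in real use.
    pwd: "app03",
    roles: [
      { role: "readWrite", db: "app" },
      { role: "read", db: "test" }
    ]
  }
)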
创建管理用户
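// Administrative users must be created in the admin database, so switch to it first.
// ("#" does not start a comment in the mongo shell, so notes here use "//".)
use admin
db.createUser(
  {
    user: "root",
    // Sample password from this walkthrough; a superuser account needs a strong, unique one.
    pwd: "root123",
    // "root" is the superuser role: keep such accounts to a minimum and give
    // day-to-day accounts only the narrower roles they actually need.
    roles: [ { role: "root", db: "admin" } ]
  }
)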
修改用户
1.修改用户密码
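// Run these in the database where the user was created.
// ("#" does not start a comment in the mongo shell, so notes here use "//".)
// NOTE(review): "user123" is used as the user name here, while the account created
// earlier is "usertest" (with "user123" as its password); confirm which account is meant.

// Option 1: dedicated helper, arguments are (username, new password).
db.changeUserPassword("user123","changepwd")
// Option 2: updateUser with only the pwd field set.
db.updateUser("user123",{pwd:"changepwd"})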
用户删除
// Removes the named user from the current database, so switch to the database
// the user was created in before running it.
db.dropUser('user123')
用户授权
更新用户
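// db.updateUser takes the user name as its first argument and the update document
// as its second; it does not accept a single document carrying a "user" field.
// The roles array given here replaces the user's existing roles entirely, so
// any role that should be kept has to be listed again.
db.updateUser(
  "user123",
  {
    roles: [ { role: "read", db: "test" } ]
  }
)
// List the users of the current database to verify the result.
show users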
增加权限
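// db.grantRolesToUser takes (username, roles array); it does not accept a single
// document with "user" and "roles" fields. The listed roles are added to the ones
// the user already holds.
// readWrite already covers everything read allows, so granting both on the same
// database is redundant; readWrite alone has the same effect.
db.grantRolesToUser(
  "user123",
  [ { role: "read", db: "test" }, { role: "readWrite", db: "test" } ]
)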
回收权限
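// db.revokeRolesFromUser takes (username, roles array); it does not accept a single
// document with "user" and "roles" fields.
// Only the listed roles are removed: a user who still holds readWrite on "test"
// can keep reading it after "read" is revoked, so check the remaining roles afterwards.
db.revokeRolesFromUser(
  "user123",
  [ { role: "read", db: "test" } ]
)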
查看用户信息
// User documents are stored in the admin database, so run this after `use admin`.
// Each document includes the SCRAM credential fields (salt, storedKey, serverKey);
// they can be used for offline password guessing, so treat this output as sensitive
// and restrict who is able to read the collection.
> db.system.users.find().pretty()
{
"_id" : "admin.root",
"user" : "root",
"db" : "admin",
"credentials" : {
"SCRAM-SHA-1" : {
"iterationCount" : 10000,
"salt" : "cK+x0qUELb5M2IyL5ledLA==",
"storedKey" : "SyD1q88+XgN63/h4qYLmxH3yDqw=",
"serverKey" : "NWXPh02yLrNi3HnsQEnnkeRwkdY="
}
},
"roles" : [
{
"role" : "root",
"db" : "admin"
}
]
}
{
"_id" : "app.admin",
"user" : "admin",
"db" : "app",
"credentials" : {
"SCRAM-SHA-1" : {
"iterationCount" : 10000,
"salt" : "MTwkFFEvqmbq7POuP3OnWg==",
"storedKey" : "CX7LE289+aqPNWlEing/WDZX31Q=",
"serverKey" : "rFeWZN6RSoduneD9UKT0+43nOBE="
}
},
"roles" : [
{
"role" : "dbAdmin",
"db" : "app"
}
]
}
{
"_id" : "app.app01",
"user" : "app01",
"db" : "app",
"credentials" : {
"SCRAM-SHA-1" : {
"iterationCount" : 10000,
"salt" : "Hz+td7/Y/dL+UE0a0aIXcw==",
"storedKey" : "q4SHv2QQansJo/DKjdcS94zilh8=",
"serverKey" : "54WkVA3nSAFMiM/sM9nsr7ureDU="
}
},
"roles" : [
{
"role" : "readWrite",
"db" : "app"
}
]
}
{
"_id" : "app.app03",
"user" : "app03",
"db" : "app",
"credentials" : {
"SCRAM-SHA-1" : {
"iterationCount" : 10000,
"salt" : "vmpngvlJ2O+mEvGSre8vyA==",
"storedKey" : "Mti7WZugvVT7arMUF5QS/asQiO0=",
"serverKey" : "h7UKso1UvCCwPmfu3yZ0ejytL7w="
}
},
"roles" : [
{
"role" : "readWrite",
"db" : "app"
},
{
"role" : "read",
"db" : "test"
}
]
}