mongodb的用户管理

 

 

注意一点帐号是跟着库走的,所以在指定库里授权,必须也在指定库里验证(auth)

 

 #########################################################

1,查看用户:

 

sys:PRIMARY> db.getUser("sys_wr")
{
        "_id" : "admin.sys_wr",
        "userId" : UUID("0b1c20c4-c7c9-401e-865a-3c6601b8fdea"),
        "user" : "sys_wr",
        "db" : "admin",
        "roles" : [
                {
                        "role" : "sys_rl",
                        "db" : "admin"
                }
        ]
}
sys:PRIMARY> db.getRole("sys_rl",{showPrivileges:true});
{
        "role" : "sys_rl",
        "db" : "admin",
        "isBuiltin" : false,
        "roles" : [ ],
        "inheritedRoles" : [ ],
        "privileges" : [
                {
                        "resource" : {
                                "db" : "sys",
                                "collection" : ""
                        },
                        "actions" : [
                                "collStats",
                                "dbHash",
                                "dbStats",
                                "find",
                                "insert",
                                "killCursors",
                                "listCollections",
                                "listIndexes",
                                "remove",
                                "update"
                        ]
                }
        ],
        "inheritedPrivileges" : [
                {
                        "resource" : {
                                "db" : "sys",
                                "collection" : ""
                        },
                        "actions" : [
                                "collStats",
                                "dbHash",
                                "dbStats",
                                "find",
                                "insert",
                                "killCursors",
                                "listCollections",
                                "listIndexes",
                                "remove",
                                "update"
                        ]
                }
        ]
}
sys:PRIMARY> 

 

 

 

 

 

 

 

 

 

db.auth() :

查找用户:
db.getUser() :
db.getUsers() :
##############
查看指定库中指定用户的具体信息:
use apple;
db.getUser("igoodul");
use admin;
db.getUser("test",{showCredentials:true,showPrivileges:true});
// 说明:
showCredentials:true  显示加密信息
showPrivileges:true  显示权限详细信息


查看指定库apple中存在的所有用户:
use apple;
db.getUsers();
use amdin;
db.getUsers({ filter: { mechanisms: "SCRAM-SHA-256" } });

 

 

2,创建用户:

 

用户密码为明文字符串,或者passwordPrompt() 提示输入用户密码。
db.createUser() :
use admin;
db.createUser({user:"igoodful",
               pwd:"123456",
               roles:[{role:"readWrite",db:"apple"},
                       {role:"readWrite",db:"google"}
             ]});
// 不带角色:
use admin;
db.createUser(
   {
     user: "reportsUser",
     pwd: "123456", 
     roles: [ ]
   });
// 带上角色:
use admin;
db.createUser(
   {
     user: "accountUser",
     pwd: "123456", 
     roles: [ "readWrite", "dbAdmin" ]
   });

// 创建管理员用户
use admin;
db.createUser(
   {
     user: "appAdmin",
     pwd: "1234565", 
     roles:
       [
         { role: "readWrite", db: "config" },
         "clusterAdmin"
       ]
   });

// 创建身份验证限制的用户,3.6版的新功能。
use admin;
db.createUser(
   {
     user: "restricted",
     pwd: "123456",    
     roles: [ { role: "readWrite", db: "apple" } ],
     authenticationRestrictions: [ {
        clientSource: ["10.10.10.11"],
        serverAddress: ["10.10.10.10"]
     } ]
   });

// 要使用SCRAM-SHA-256, featureCompatibilityVersion必须将设置为4.0use admin;
db.createUser(
   {
     user: "User256",
     pwd: "123456",  
     roles: [ { role: "readWrite", db: "admin" } ],
     mechanisms: [ "SCRAM-SHA-256" ]
   });

// 创建超级用户: 
db.createUser(
              {  
                  user : 'dba',
                  pwd  : 'dba',
                  roles : [ { role:'root', db:'admin' } ]
        })

// 创建备份恢复账号:
db.createUser({user: "backupuser","pwd": "123456",
            "roles" : [
                { "db" : "pbm", "role" : "readWrite", "collection": "" },
                { "db" : "admin", "role" : "backup" },
                { "db" : "admin", "role" : "clusterMonitor" },
                { "db" : "admin", "role" : "restore" },
                { "db" : "admin", "role" : "xmmgbakcupAnyAction" }
            ]
    }); 
// 

 

3,删除用户:

 

删除用户:

从当前数据库中删除所有用户。
db.dropAllUsers() :

从当前数据库中删除指定用户
db.dropUser() :
// 
use admin;
db.dropUser("User1", {w: "majority", wtimeout: 5000});

db.system.users.remove({user:"igoodful"});

 

 

 

4,更新用户:

 

更新用户信息:
db.updateUser() :
use admin;
db.updateUser( "test",{
   customData : { employeeId : "0x3039" },
   roles : [
      { role : "read", db : "assets"  }
   ]} );

db.updateUser(
   "root",
   {
      pwd: "abc"
   }
)
更改密码:
db.changeUserPassword() :
db.changeUserPassword("igoodful", "654321")

添加新的角色给用户:
db.grantRolesToUser() :
use admin;
db.grantRolesToUser(
   "accountUser01",
   [ "readWrite" , { role: "read", db: "stock" } ],
   { w: "majority" , wtimeout: 4000 });

db.grantRolesToUser("username", [{role:"readWrite", db:"testDB"},{role:"read", db:"testDB"}])

撤销用户某个角色:
db.revokeRolesFromUser() :
use admin;
db.revokeRolesFromUser( "test",
                        [ { role: "read", db: "stock" }, "readWrite" ],
                        { w: "majority" }
                      );

#####################################################
db.getUser("skyeye_r");
{
        "_id" : "admin.skyeye_r",
        "user" : "skyeye_r",
        "db" : "admin",
        "roles" : [
                {
                        "role" : "skyeye_r",
                        "db" : "admin"
                }
        ]
}

db.runCommand({revokeRolesFromUser:"skyeye_r",roles:[{role:"skyeye_r",db:"admin"}]})

 db.getUser("skyeye_r");
{
        "_id" : "admin.skyeye_r",
        "user" : "skyeye_r",
        "db" : "admin",
        "roles" : [ ]
}

 

 

 

###########################################

posted @ 2020-11-09 11:37  igoodful  阅读(174)  评论(0编辑  收藏  举报