mongodb的用户管理
注意一点:帐号是跟着库走的(创建用户时所在的库就是该用户的认证库),所以在指定库里授权,必须也在指定库里验证(auth);在其他库里用同一用户名验证会失败。
#########################################################
1,查看用户:
sys:PRIMARY> db.getUser("sys_wr") { "_id" : "admin.sys_wr", "userId" : UUID("0b1c20c4-c7c9-401e-865a-3c6601b8fdea"), "user" : "sys_wr", "db" : "admin", "roles" : [ { "role" : "sys_rl", "db" : "admin" } ] } sys:PRIMARY> db.getRole("sys_rl",{showPrivileges:true}); { "role" : "sys_rl", "db" : "admin", "isBuiltin" : false, "roles" : [ ], "inheritedRoles" : [ ], "privileges" : [ { "resource" : { "db" : "sys", "collection" : "" }, "actions" : [ "collStats", "dbHash", "dbStats", "find", "insert", "killCursors", "listCollections", "listIndexes", "remove", "update" ] } ], "inheritedPrivileges" : [ { "resource" : { "db" : "sys", "collection" : "" }, "actions" : [ "collStats", "dbHash", "dbStats", "find", "insert", "killCursors", "listCollections", "listIndexes", "remove", "update" ] } ] } sys:PRIMARY>
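// Methods used in this section (mongo shell):
//   db.auth()     - authenticate against the current database
//   db.getUser()  - look up one user defined in the current database
//   db.getUsers() - list every user defined in the current database

// Show the details of one user in a specific database.
use apple;
db.getUser("igoodul");

use admin;
// showCredentials: true -> also return the stored credential data (the password hash)
// showPrivileges: true  -> also return the expanded privilege list
// Output produced with showCredentials is sensitive: keep it out of tickets, chat and
// shared logs, because the stored hashes can be attacked offline.
db.getUser("test", { showCredentials: true, showPrivileges: true });

// List all users that exist in database apple.
use apple;
db.getUsers();

// List only the users that have SCRAM-SHA-256 credentials.
// The database name was misspelled "amdin" here; `use` accepts any name without an
// error, so the query would have run against an empty database and returned no users.
use admin;
db.getUsers({ filter: { mechanisms: "SCRAM-SHA-256" } });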
2,创建用户:
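// db.createUser() adds a user to the current database. The pwd field accepts either a
// cleartext string or passwordPrompt(), which asks for the password interactively.
// Every example below uses passwordPrompt() so that no password literal is left in the
// snippet to be copied into scripts, tickets or terminal scrollback. passwordPrompt()
// needs a 4.2+ shell; on an older shell supply a long random value, never a short
// sample string or the user name itself.

// One user with readWrite on two databases.
use admin;
db.createUser({
    user: "igoodful",
    pwd: passwordPrompt(),
    roles: [
        { role: "readWrite", db: "apple" },
        { role: "readWrite", db: "google" }
    ]
});

// Without roles: the user can authenticate but holds no privileges until roles are granted.
use admin;
db.createUser({
    user: "reportsUser",
    pwd: passwordPrompt(),
    roles: []
});

// With roles: a role given as a plain string applies to the database where
// db.createUser() runs, so these two roles are granted on admin.
use admin;
db.createUser({
    user: "accountUser",
    pwd: passwordPrompt(),
    roles: ["readWrite", "dbAdmin"]
});

// Administrator user: readWrite on config plus clusterAdmin. Both are powerful grants;
// keep this account for cluster administration and out of application configuration.
use admin;
db.createUser({
    user: "appAdmin",
    pwd: passwordPrompt(),
    roles: [
        { role: "readWrite", db: "config" },
        "clusterAdmin"
    ]
});

// User with authentication restrictions (new in version 3.6): the account may only
// authenticate from client address 10.10.10.11 when connecting to server address 10.10.10.10.
use admin;
db.createUser({
    user: "restricted",
    pwd: passwordPrompt(),
    roles: [{ role: "readWrite", db: "apple" }],
    authenticationRestrictions: [
        {
            clientSource: ["10.10.10.11"],
            serverAddress: ["10.10.10.10"]
        }
    ]
});

// To use SCRAM-SHA-256, featureCompatibilityVersion must be set to 4.0.
use admin;
db.createUser({
    user: "User256",
    pwd: passwordPrompt(),
    roles: [{ role: "readWrite", db: "admin" }],
    mechanisms: ["SCRAM-SHA-256"]
});

// Superuser: root on admin. This account can do anything on the deployment, so it needs
// the strongest password of all and should not be shared between people or services.
// No `use` precedes this call; it runs in whichever database is current (admin, if the
// statements above were run in order).
db.createUser({
    user: 'dba',
    pwd: passwordPrompt(),
    roles: [{ role: 'root', db: 'admin' }]
});

// Backup / restore account.
// NOTE(review): role documents are documented as { role, db }; confirm that the extra
// "collection" field on the first entry is accepted by the server version in use.
// NOTE(review): "xmmgbakcupAnyAction" is not a built-in role name; presumably a
// user-defined role that must already exist in admin before this call succeeds.
db.createUser({
    user: "backupuser",
    "pwd": passwordPrompt(),
    "roles": [
        { "db": "pbm", "role": "readWrite", "collection": "" },
        { "db": "admin", "role": "backup" },
        { "db": "admin", "role": "clusterMonitor" },
        { "db": "admin", "role": "restore" },
        { "db": "admin", "role": "xmmgbakcupAnyAction" }
    ]
});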
3,删除用户:
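// Deleting users.
//   db.dropAllUsers() - delete every user from the current database
//   db.dropUser()     - delete one named user from the current database

// Drop one user, waiting up to 5000 ms for a majority of the replica set to acknowledge.
use admin;
db.dropUser("User1", { w: "majority", wtimeout: 5000 });

// The original removed this account with db.system.users.remove({user:"igoodful"}).
// That writes to the system collection directly, and its filter matches on the user
// name only, so it is not limited to one authentication database. MongoDB's
// documentation directs that users be managed through the user management methods,
// so the scoped call is used instead; it drops igoodful from the current database.
db.dropUser("igoodful");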
4,更新用户:
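// Updating users.

// db.updateUser(): change a user's profile. A field supplied here REPLACES the stored
// value completely; passing `roles` drops every role that is not listed again, so use
// db.grantRolesToUser() / db.revokeRolesFromUser() for incremental changes.
use admin;
db.updateUser("test", {
    customData: { employeeId: "0x3039" },
    roles: [{ role: "read", db: "assets" }]
});

// Password change through updateUser. passwordPrompt() asks for the value interactively
// (4.2+ shell) so that no password literal is left in the snippet.
db.updateUser("root", { pwd: passwordPrompt() });

// db.changeUserPassword(): change only the password.
db.changeUserPassword("igoodful", passwordPrompt());

// db.grantRolesToUser(): add roles to a user. A role given as a plain string applies to
// the current database. The last argument is the write concern: wait up to 4000 ms for
// a majority of the replica set to acknowledge.
use admin;
db.grantRolesToUser(
    "accountUser01",
    ["readWrite", { role: "read", db: "stock" }],
    { w: "majority", wtimeout: 4000 }
);
db.grantRolesToUser("username", [
    { role: "readWrite", db: "testDB" },
    { role: "read", db: "testDB" }
]);

// db.revokeRolesFromUser(): take specific roles away from a user.
use admin;
db.revokeRolesFromUser(
    "test",
    [{ role: "read", db: "stock" }, "readWrite"],
    { w: "majority" }
);

// Worked example: revoke a role with the underlying command, and confirm the result by
// reading the user back before and after.
db.getUser("skyeye_r");
// { "_id" : "admin.skyeye_r", "user" : "skyeye_r", "db" : "admin",
//   "roles" : [ { "role" : "skyeye_r", "db" : "admin" } ] }

db.runCommand({ revokeRolesFromUser: "skyeye_r", roles: [{ role: "skyeye_r", db: "admin" }] });

db.getUser("skyeye_r");
// { "_id" : "admin.skyeye_r", "user" : "skyeye_r", "db" : "admin", "roles" : [ ] }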
###########################################
igoodful@qq.com