MongoDB 3.2 user permission management configuration
Environment
MongoDB shell version: 3.2.6
Win 7
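Setup
Configuring user permissions
- 1. Enter the mongodb shell:
mongo
- 2. Switch databases:
use admin
Since version 3.0, only the local database exists by default; there is no admin database, so we need to create it ourselves.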
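- 3. Add a user, specifying the user's roles and database:
db.createUser(
  {
    user: "admin",
    customData: { description: "superuser" },
    pwd: "admin",
    roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
  }
)
The user field is the new user's name; the pwd field is the user's password; the customData field holds arbitrary content, for example a description with the user's full name; the roles field specifies the user's roles, and an empty array can be used to give the new user no roles. The roles field accepts both built-in roles and user-defined roles.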
- 4. View the created users:
show users
or db.system.users.find()
- 5. Enable user access control:
Edit the configuration file and add:
security:
  authorization: enabled
Restart mongodb:
net stop mongodb
net start mongodb
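- 6. Authenticate as the user:
After access control is enabled, log in to the mongo shell again; commands such as show dbs will now report "no permission". At this point you need to authenticate as a user.
db.auth("admin","admin")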
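Other
Built-in roles
- Database user roles: read, readWrite
- Database administration roles: dbAdmin, dbOwner, userAdmin
- Cluster administration roles: clusterAdmin, clusterManager, clusterMonitor, hostManager
- Backup and restore roles: backup, restore
- All-database roles: readAnyDatabase, readWriteAnyDatabase, userAdminAnyDatabase, dbAdminAnyDatabase
- Superuser role: root
- // Several other roles also provide system superuser access, indirectly or directly (dbOwner, userAdmin, userAdminAnyDatabase)
- Internal role: __system
For a detailed description of each role, see the official documentation.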
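The note above about roles that give superuser access can be turned into a review of existing accounts. The following is an added example, not code from the original post: it takes user documents shaped like the ones show users prints and reports every grant of a privileged role. The users report and app and the database sales are constructed for illustration.

```javascript
// Added example, not from the original post. Runs under Node.js.

// Rate one granted role, following the post's note that dbOwner, userAdmin and
// userAdminAnyDatabase give superuser access directly or indirectly.
function classifyRole(grant) {
  if (grant.role === "root" || grant.role === "__system") return "superuser";
  if (grant.role === "userAdminAnyDatabase") return "can-grant-any-role";
  if (grant.role === "dbOwner" || grant.role === "userAdmin") {
    // Scoped to admin these can hand out any role cluster-wide; on another
    // database they control only that database.
    return grant.db === "admin" ? "can-grant-any-role" : "controls-database";
  }
  return null; // ordinary role such as read or readWrite
}

// Takes user documents ({ user, db, roles: [{ role, db }] }) and returns one
// finding per privileged grant.
function auditUsers(users) {
  const findings = [];
  for (const u of users) {
    for (const grant of u.roles || []) {
      const risk = classifyRole(grant);
      if (risk) {
        findings.push({ user: u.db + "." + u.user, role: grant.role, on: grant.db, risk: risk });
      }
    }
  }
  return findings;
}

// Constructed sample: the admin user from step 3 plus two hypothetical users.
const SAMPLE_USERS = [
  { user: "admin", db: "admin", roles: [{ role: "userAdminAnyDatabase", db: "admin" }] },
  { user: "report", db: "sales", roles: [{ role: "read", db: "sales" }] },
  { user: "app", db: "sales", roles: [{ role: "readWrite", db: "sales" }, { role: "dbOwner", db: "sales" }] },
];

for (const f of auditUsers(SAMPLE_USERS)) {
  console.log(f.user + " holds " + f.role + " on " + f.on + " -> " + f.risk);
}
```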
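Sample configuration file
For details, see the official documentation.
#The settings that can be configured in the configuration file are listed below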
#Mongod config file
#MongoDB configuration files use the YAML format.
#The following example configuration file contains several mongod settings.
#
########Example Start########
#systemLog:
#  destination: file
#  path: "/var/log/mongodb/mongodb.log"
#  logAppend: true
#storage:
#  journal:
#    enabled: true
#processManagement:
#  fork: true
#net:
#  bindIp: 127.0.0.1
#  port: 27017
#setParameter:
#  enableLocalhostAuthBypass: false
#
########Example End########
#
########Core Options
systemLog:
#  verbosity: 0 #Default: 0; 1 to 5 increases the verbosity level to include Debug messages.
#  quiet: <boolean>
#  traceAllException: <boolean>
#  syslogFacility: user
  path: "/usr/local/mongodb/log/mongod.log"
  logAppend: true
#  logRotate: <string> #rename or reopen
  destination: file
#  timeStampFormat: iso8601-local
#  component:
#    accessControl:
#      verbosity: 0
#    command:
#      verbosity: 0
#    # COMMENT additional component verbosity settings omitted for brevity
#    storage:
#      verbosity: 0
#      journal:
#        verbosity: <int>
#    write:
#      verbosity: 0
#
#
########ProcessManagement Options
processManagement:
  fork: true
  pidFilePath: "/usr/local/mongodb/log/mongod.pid"
#
#
#########Net Options
net:
  port: 27017
#  bindIp: <string> #Default All interfaces.
#  maxIncomingConnections: 65536
#  wireObjectCheck: true
#  ipv6: false
#  unixDomainSocket:
#    enabled: true
#    pathPrefix: "/tmp"
#    filePermissions: 0700
#  http:
#    enabled: false
#    JSONPEnabled: false
#    RESTInterfaceEnabled: false
#  ssl:
#    sslOnNormalPorts: <boolean> # deprecated since 2.6
#    mode: <string>
#    PEMKeyFile: <string>
#    PEMKeyPassword: <string>
#    clusterFile: <string>
#    clusterPassword: <string>
#    CAFile: <string>
#    CRLFile: <string>
#    allowConnectionsWithoutCertificates: <boolean>
#    allowInvalidCertificates: <boolean>
#    allowInvalidHostnames: false
#    FIPSMode: <boolean>
#
#
########security Options
#security:
#  keyFile: <string>
#  clusterAuthMode: keyFile
#  authorization: disabled
#  javascriptEnabled: true
########security.sasl Options
#  sasl:
#    hostName: <string>
#    serviceName: <string>
#    saslauthdSocketPath: <string>
#
#
#########setParameter Option
setParameter:
  enableLocalhostAuthBypass: false
#  <parameter1>: <value1>
#  <parameter2>: <value2>
#
#
#########storage Options
storage:
  dbPath: "/data/db"
#  indexBuildRetry: true
#  repairPath: "/data/db/_tmp"
#  journal:
#    enabled: true
#  directoryPerDB: false
#  syncPeriodSecs: 60
  engine: "mmapv1" #Valid options include mmapv1 and wiredTiger.
#########storage.mmapv1 Options
#  mmapv1:
#    preallocDataFiles: true
#    nsSize: 16
#    quota:
#      enforced: false
#      maxFilesPerDB: 8
#    smallFiles: false
#    journal:
#      debugFlags: <int>
#      commitIntervalMs: 100 # 100 or 30
#########storage.wiredTiger Options
#  wiredTiger:
#    engineConfig:
#      cacheSizeGB: <number> #Default: the maximum of half of physical RAM or 1 gigabyte
#      statisticsLogDelaySecs: 0
#      journalCompressor: "snappy"
#      directoryForIndexes: false
#    collectionConfig:
#      blockCompressor: "snappy"
#    indexConfig:
#      prefixCompression: true
#
#
##########operationProfiling Options
#operationProfiling:
#  slowOpThresholdMs: 100
#  mode: "off"
#
#
##########replication Options
#replication:
#  oplogSizeMB: <int>
#  replSetName: <string>
#  secondaryIndexPrefetch: all
#
#
##########sharding Options
#sharding:
#  clusterRole: <string> #configsvr or shardsvr
#  archiveMovedChunks: True
#
#
#########auditLog Options
#auditLog:
#  destination: <string> #syslog/console/file
#  format: <string> #JSON/BSON
#  path: <string>
#  filter: <string>
#
#
#########snmp Options
#snmp:
#  subagent: <boolean>
#  master: <boolean>
#
#
########mongos-only Options
#replication:
#  localPingThresholdMs: 15
#
#sharding:
#  autoSplit: true
#  configDB: <string>
#  chunkSize: 64
#
#
########Windows Service Options
#processManagement:
#  windowsService:
#    serviceName: <string>
#    displayName: <string>
#    description: <string>
#    serviceUser: <string>
#    servicePassword: <string>
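In the sample file above the security section is commented out, so the authorization setting from step 5 is not in effect. The following added example (not code from the original post) checks a mongod configuration for the access-related settings this page covers; the function names and the hardened variant are constructed for illustration.

```javascript
// Added example, not from the original post. Run with Node.js.
// Flatten the plain "key: value" YAML of a mongod config into dotted keys such as
// "security.authorization". Handles indentation and '#' comments only; it is
// not a general YAML parser.
function flattenConf(text) {
  const out = {};
  const stack = []; // open parent sections: { indent, key }
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.replace(/(^|\s)#.*$/, ""); // drop full-line and trailing comments
    const m = /^(\s*)([A-Za-z0-9_]+):\s*(.*)$/.exec(line);
    if (!m) continue;
    const indent = m[1].length;
    while (stack.length && stack[stack.length - 1].indent >= indent) stack.pop();
    const value = m[3].trim().replace(/^"(.*)"$/, "$1");
    if (value === "") stack.push({ indent: indent, key: m[2] });
    else out[stack.map((s) => s.key).concat(m[2]).join(".")] = value;
  }
  return out;
}

// Report the settings that leave the instance open, using only options from this page.
function auditConf(text) {
  const c = flattenConf(text);
  const findings = [];
  if (c["security.authorization"] !== "enabled")
    findings.push("security.authorization: not enabled, users and roles are not enforced");
  if (!c["net.bindIp"])
    findings.push("net.bindIp: unset, the sample file gives the default as all interfaces");
  if (c["setParameter.enableLocalhostAuthBypass"] !== "false")
    findings.push("setParameter.enableLocalhostAuthBypass: localhost exception is active");
  return findings;
}

// Abridged from the post's sample file, indentation restored.
const POST_SAMPLE = `
systemLog:
  path: "/usr/local/mongodb/log/mongod.log"
  destination: file
net:
  port: 27017
#security:
#  clusterAuthMode: keyFile
setParameter:
  enableLocalhostAuthBypass: false
`;
// Constructed hardened variant: step 5 applied and the listener bound to loopback.
const HARDENED = POST_SAMPLE.replace("port: 27017", "port: 27017\n  bindIp: 127.0.0.1") +
  "security:\n  authorization: enabled\n";
console.log(auditConf(POST_SAMPLE), auditConf(HARDENED));
```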
https://www.cnblogs.com/mymelody/p/5906199.html