MongoDB权限管理二

mongodb配置文件如下:

[root@localhost ~]# cat /usr/local/mongodb/mongod.cnf 
bind_ip = 0.0.0.0
logpath=/data/mongodb/logs/mongodb.log
logappend = true
fork = true
#auth = true
port = 6068
dbpath=/data/mongodb/data
pidfilepath=/data/mongodb/mongod.pid
  • 1.
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.

root超级管理员权限
关闭mongod.cnf配置文件参数:auth
直接登录mongo,设置登录密码:

mongo --host 127.0.0.1 --port 6068
use admin
db.createUser({user: 'root', pwd:'TdLLQd689', roles:[{role: 'root', db: 'admin'}]});
db.auth("root","TdLLQSdH689")
  • 1.
  • 2.
  • 3.
  • 4.

关闭mongod
开启mongod.cnf配置文件参数:auth =true

mongo --host 127.0.0.1 --port 6068
use admin
db.auth("root","TdLLQH689")
  • 1.
  • 2.
  • 3.

创建测试库dbtest001,以及测试用户testuser 对dbtest001库有读写的权限

use dbtest001
db.createUser({user:"testuser",pwd:"testuser123",roles:[{role:"readWrite",db:"dbtest001"}]})

创建测试用户testuser 对dbtest001库有读的权限:
db.createUser({user:"testuser01",pwd:"testuser123",roles:[{role:"read",db:"dbtest001"}]})
  • 1.
  • 2.
  • 3.
  • 4.
  • 5.

给测试库插入一个集合chenji(所谓的表chenji):

db.chenji.insert({"name":"小花","年级":"二年级","性别":"男","爱好":"学习"})
WriteResult({ "nInserted" : 1 })
> db.chenji.insert({"name":"花花","年级":"一年级","性别":"女","爱好":"唱歌"})
WriteResult({ "nInserted" : 1 })
> db.chenji.insert({"name":"小花","年级":"三年级","性别":"女","爱好":"打球"})
WriteResult({ "nInserted" : 1 })
> db.chenji.insert({"name":"小花","年级":"四年级","性别":"女","爱好":"画画"})
WriteResult({ "nInserted" : 1 })
  • 1.
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.

查看当前库下的用户:

db.getUsers() 或者show users

> show users
{
	"_id" : "dbtest001.testuser",
	"userId" : UUID("f275fad5-ac4f-4dfa-aea6-af34ed93c3e1"),
	"user" : "testuser",
	"db" : "dbtest001",
	"roles" : [
		{
			"role" : "readWrite",
			"db" : "dbtest001"
		}
	]
}
  • 1.
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.

查看当前库下某个用户的权限:

db.getUser("testuser")
db.getUser("testuser01")
  • 1.
  • 2.

**创建角色: **db.createRole()
更新角色: db.updateRole()
删除角色: db.dropRole()

获得某个角色信息: db.getRole()

> db.getRole("read")
{
	"role" : "read",
	"db" : "dbtest001",
	"isBuiltin" : true,
	"roles" : [ ],
	"inheritedRoles" : [ ]
}
> db.getRole("readWrite")
{
	"role" : "readWrite",
	"db" : "dbtest001",
	"isBuiltin" : true,
	"roles" : [ ],
	"inheritedRoles" : [ ]
}
  • 1.
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 15.
  • 16.

**删除所有用户: **db.dropAllUsers()

**删除用户:**db.dropUsers(“xxxxxx”)

db.dropUser(“testuser01”)
true

将一个角色赋予读写给用户: db.grantRolesToUser()

use dbtest001
db.grantRolesToUser('testuser01',[ { role : 'readWrite', db : 'dbtest001' } ] )
  • 1.
  • 2.

撤销某个用户的某个角色权限: db.revokeRolesFromUser()

> db.getUser("testuser01")
{
	"_id" : "dbtest001.testuser01",
	"userId" : UUID("d1fefe19-a94f-4300-8855-fd722f14e13f"),
	"user" : "testuser01",
	"db" : "dbtest001",
	"roles" : [
		{
			"role" : "readWrite",
			"db" : "dbtest001"
		}
	]
}
  • 1.
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.
  • 13.

撤回读role读写权限:

> db.revokeRolesFromUser('testuser01',[ { role : 'readWrite', db : 'dbtest001' }])
> db.getUser("testuser01")
{
	"_id" : "dbtest001.testuser01",
	"userId" : UUID("d1fefe19-a94f-4300-8855-fd722f14e13f"),
	"user" : "testuser01",
	"db" : "dbtest001",
	"roles" : [ ]
}
  • 1.
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.

更改密码: db.changeUserPassword()

db.createUser({user:"testuser01",pwd:"testuser123",roles:[{role:"read",db:"dbtest001"}]})
  • 1.

修改密码:

> db.changeUserPassword("testuser01","123456")
  • 1.

测试:使用原密码登录报错如下:

[root@localhost ~]# mongo 127.0.0.1:6068/dbtest001 -u testuser01 -p 'testuser123'
MongoDB shell version v3.6.16
connecting to: mongodb://127.0.0.1:6068/dbtest001?gssapiServiceName=mongodb
2020-01-01T21:51:35.637+0800 E QUERY    [thread1] Error: Authentication failed. :
connect@src/mongo/shell/mongo.js:263:13
@(connect):1:6
exception: connect failed
  • 1.
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.

使用新的密码登录成功

[root@localhost ~]# mongo 127.0.0.1:6068/dbtest001 -u testuser01 -p '123456'
MongoDB shell version v3.6.16
connecting to: mongodb://127.0.0.1:6068/dbtest001?gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("966023f0-ff7b-4726-a216-8475bc729971") }
MongoDB server version: 3.6.16
> show collections;
chenji
> db.chenji.find();
{ "_id" : ObjectId("5e0c80a8efc383349153386a"), "name" : "小花", "年级" : "二年级", "性别" : "男", "爱好" : "学习" }
{ "_id" : ObjectId("5e0c80c3efc383349153386b"), "name" : "花花", "年级" : "一年级", "性别" : "女", "爱好" : "唱歌" }
{ "_id" : ObjectId("5e0c83c8efc383349153386c"), "name" : "小花", "年级" : "三年级", "性别" : "女", "爱好" : "打球" }
{ "_id" : ObjectId("5e0c83e9efc383349153386d"), "name" : "小花", "年级" : "四年级", "性别" : "女", "爱好" : "画画" }
  • 1.
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.

查看当前库下的表:

show collections
chenji

查看集合中所有的内容:

> db.chenji.find();
{ "_id" : ObjectId("5e0c80a8efc383349153386a"), "name" : "小花", "年级" : "二年级", "性别" : "男", "爱好" : "学习" }
{ "_id" : ObjectId("5e0c80c3efc383349153386b"), "name" : "花花", "年级" : "一年级", "性别" : "女", "爱好" : "唱歌" }
  • 1.
  • 2.
  • 3.

查看名字叫小花的记录:

> db.chenji.find({"name":"小花"})
{ "_id" : ObjectId("5e0c80a8efc383349153386a"), "name" : "小花", "年级" : "二年级", "性别" : "男", "爱好" : "学习" }
{ "_id" : ObjectId("5e0c83c8efc383349153386c"), "name" : "小花", "年级" : "三年级", "性别" : "女", "爱好" : "打球" }
{ "_id" : ObjectId("5e0c83e9efc383349153386d"), "name" : "小花", "年级" : "四年级", "性别" : "女", "爱好" : "画画" }
  • 1.
  • 2.
  • 3.
  • 4.

参考资料:
MongoDB用户和角色解释系列(上)
 http://www.mongoing.com/archives/26710

先小结到此处,后续在继续学习补充

posted @ 2020-01-01 22:53  勤奋的蓝猫  阅读(2)  评论(0编辑  收藏  举报  来源