首页 > 代码库 > mongodb 3.2 用户权限管理配置
mongodb 3.2 用户权限管理配置
环境
MongoDB shell version: 3.2.6
Win 7
设置方法
用户权限设置
1、进入mongodb的shell :
mongo
2、切换数据库:
use admin
从3.0 版本起,默认只有 local
库,没有admin
库,需要我们自己来创建。
- 3、添加用户,指定用户的角色和数据库:
db.createUser( { user: "admin", customData:{description:"superuser"}, pwd: "admin", roles: [ { role: "userAdminAnyDatabase", db: "admin" } ] } ) user字段,为新用户的名字;pwd字段,用户的密码;cusomData字段,为任意内容,例如可以为用户全名介绍;roles字段,指定用户的角色,可以用一个空数组给新用户设定空角色。在roles字段,可以指定内置角色和用户定义的角色。
4、查看创建的用户 :
show users
或db.system.users.find()
5、启用用户权限:
修改配置文件,增加配置:
security: authorization: enabled
重新启动mongodb
net stop mongodb;net start mongodb;
- 6、用户验证使用:
启用用户验证后,再次登录mongo shell ,执行 show dbs
等命令会提示“没有权限”。此时,需要用户验证登录。
db.auth("admin","admin")
其他
内建的角色
- 数据库用户角色:read、readWrite;
- 数据库管理角色:dbAdmin、dbOwner、userAdmin;
- 集群管理角色:clusterAdmin、clusterManager、clusterMonitor、hostManager;
- 备份恢复角色:backup、restore;
- 所有数据库角色:readAnyDatabase、readWriteAnyDatabase、userAdminAnyDatabase、dbAdminAnyDatabase
- 超级用户角色:root
- // 这里还有几个角色间接或直接提供了系统超级用户的访问(dbOwner 、userAdmin、userAdminAnyDatabase)
- 内部角色:__system
官方详情角色说明 –> 传送门
配置文件示例
官方详解 –> 传送门
#此处为配置文件可配置的内容#Mongod config file #MongoDB configuration files use the YAML format.#The following example configuration file contains several mongod settings.#########Example Start#########systemLog:# destination: file# path: "/var/log/mongodb/mongodb.log"# logAppend: true#storage:# journal:# enabled: true#processManagement:# fork: true#net:# bindIp: 127.0.0.1# port: 27017#setParameter:# enableLocalhostAuthBypass: false#########Example End#################Core OptionssystemLog:# verbosity: 0 #Default: 0; 1 to 5 increases the verbosity level to include Debug messages.# quiet: <boolean># traceAllException: <boolean># syslogFacility: user path: "/usr/local/mongodb/log/mongod.log" logAppend: true# logRotate: <string> #rename or reopen destination: file# timeStampFormat: iso8601-local# component:# accessControl:# verbosity: 0# command:# verbosity: 0# # COMMENT additional component verbosity settings omitted for brevity# storage:# verbosity: 0# journal:# verbosity: <int># write:# verbosity: 0##########ProcessManagement OptionsprocessManagement: fork: true pidFilePath: "/usr/local/mongodb/log/mongod.pid"###########Net Optionsnet: port: 27017# bindIp: <string> #Default All interfaces.# maxIncomingConnections: 65536# wireObjectCheck: true# ipv6: false# unixDomainSocket:# enabled: true# pathPrefix: "/tmp"# filePermissions: 0700# http:# enabled: false# JSONPEnabled: false# RESTInterfaceEnabled: false# ssl:# sslOnNormalPorts: <boolean> # deprecated since 2.6# mode: <string># PEMKeyFile: <string># PEMKeyPassword: <string># clusterFile: <string># clusterPassword: <string># CAFile: <string># CRLFile: <string># allowConnectionsWithoutCertificates: <boolean># allowInvalidCertificates: <boolean># allowInvalidHostnames: false# FIPSMode: <boolean>##########security Options#security:# keyFile: <string># clusterAuthMode: keyFile# authorization: disable# javascriptEnabled: true########security.sasl Options# sasl:# hostName: <string># serviceName: <string># saslauthdSocketPath: <string>###########setParameter OptionsetParameter: enableLocalhostAuthBypass: false# <parameter1>: <value1># <parameter2>: <value2>###########storage Optionsstorage: dbPath: "/data/db"# indexBuildRetry: true# repairPath: "/data/db/_tmp"# journal:# enabled: true# directoryPerDB: false# syncPeriodSecs: 60 engine: "mmapv1" #Valid options include mmapv1 and wiredTiger.#########storage.mmapv1 Options# mmapv1:# preallocDataFiles: true# nsSize: 16# quota:# enforced: false# maxFilesPerDB: 8# smallFiles: false# journal:# debugFlags: <int># commitIntervalMs: 100 # 100 or 30#########storage.wiredTiger Options# wiredTiger:# engineConfig:# cacheSizeGB: <number> #Default: the maximum of half of physical RAM or 1 gigabyte# statisticsLogDelaySecs: 0# journalCompressor: "snappy"# directoryForIndexes: false# collectionConfig:# blockCompressor: "snappy"# indexConfig:# prefixCompression: true############operationProfiling Options#operationProfiling:# slowOpThresholdMs: 100# mode: "off"############replication Options#replication:# oplogSizeMB: <int># replSetName: <string># secondaryIndexPrefetch: all############sharding Options#sharding:# clusterRole: <string> #configsvr or shardsvr# archiveMovedChunks: True###########auditLog Options#auditLog:# destination: <string> #syslog/console/file# format: <string> #JSON/BSON# path: <string># filter: <string>###########snmp Options#snmp:# subagent: <boolean># master: <boolean>##########mongos-only Options#replication:# localPingThresholdMs: 15##sharding:# autoSplit: true# configDB: <string># chunkSize: 64##########Windows Service Options#processManagement:# windowsService:# serviceName: <string># displayName: <string># description: <string># serviceUser: <string># servicePassword: <string>
mongodb 3.2 用户权限管理配置
声明:以上内容来自用户投稿及互联网公开渠道收集整理发布,本网站不拥有所有权,未作人工编辑处理,也不承担相关法律责任,若内容有误或涉及侵权可进行投诉: 投诉/举报 工作人员会在5个工作日内联系你,一经查实,本站将立刻删除涉嫌侵权内容。