mongodb basic User permission Management example tutorial
- 2020-10-23 20:20:13
- OfStack
preface
This article focuses on mongodb user rights management, but I won't go into the details of what I did last time
Start mongodb and connect
./bin/mongod -f conf/mongod.conf
./bin/mongo 127.0.0.1:12345
View the default database status
> show dbs
admin 0.000GB
local 0.000GB
> use admin
switched to db admin
> show tables
system.version
As you can see, there's nothing in the database right now, except for a little bit of basic information, right
Before creating and setting user permissions, learn 1 thing about documentation
Create a user
# demo
db.createUser(
{
user: "reportsUser",
pwd: "12345678",
roles: [
{ role: "read", db: "reporting" },
{ role: "read", db: "products" },
{ role: "read", db: "sales" },
{ role: "readWrite", db: "accounts" }
]
}
)
Database built-in roles
Database user role
Database management role
Cluster management role
Backup recovery role
All database roles
Superuser role
Internal role
Now that you have the create syntax, and the parameter specification, it's time to get started.
Note that one more thing, accounts are tied to the database, authorized in that database, verified in that database (auth)
Otherwise it will fail
Create an account that manages authorization
> db.createUser(
... {
... user: 'admin',
... pwd: '123456',
... roles: [{role: 'userAdminAnyDatabase', db: 'admin'}]
... }
... )
Successfully added user: {
"user" : "admin",
"roles" : [
{
"role" : "userAdminAnyDatabase",
"db" : "admin"
}
]
}
And then exit the database
> use admin
switched to db admin
> db.shutdownServer()
Restart mongodb and remember to add auth = true to the configuration file mongod.conf
./bin/mongod -f conf/mongod.conf
./bin/mongo 127.0.0.1:12345
> show dbs # No validation, no permissions, error
"errmsg" : "not authorized on admin to execute command
> use admin
> db.auth('admin', '123456')
1
# return 1 Indicates successful authorization, 0 Said failure
> show dbs # It's authorized. You can view it
Create a read/write access account
> use book
switched to db book
> db.createUser(
... {
... user: 'zhangsan',
... pwd: 'zhangsan',
... roles: [{role: 'read', db: 'book'}]
... }
... )
Successfully added user: {
"user" : "zhangsan",
"roles" : [
{
"role" : "read",
"db" : "book"
}
]
}
> db.createUser(
... {
... user: 'lisi',
... pwd: 'lisi',
... roles: [{role: 'readWrite', db: 'book'}]
... }
... )
Successfully added user: {
"user" : "lisi",
"roles" : [
{
"role" : "readWrite",
"db" : "book"
}
]
}
> show users
{
"_id" : "book.lisi",
"user" : "lisi",
"db" : "book",
"roles" : [
{
"role" : "readWrite",
"db" : "book"
}
]
}
{
"_id" : "book.zhangsan",
"user" : "zhangsan",
"db" : "book",
"roles" : [
{
"role" : "read",
"db" : "book"
}
]
}
Then verify that the user permissions are correct
> db.book.insert({book: ' Picture books '}) # It's not verified, it's an error
WriteResult({
"writeError" : {
"code" : 13,
"errmsg" : "not authorized on book to execute command { insert: \"book\", docum
ents: [ { _id: ObjectId('5959b56edcc047dfe5c9b336'), book: \" Picture books \" } ], ordered: true }"
}
})
> db.auth('lisi', 'lisi')
1
> db.book.insert({book: ' Picture books '})
WriteResult({ "nInserted" : 1 })
> db.auth('zhangsan', 'zhangsan') # The user to zhangsan
1
> db.book.find() # You can view
{ "_id" : ObjectId("5959b59fdcc047dfe5c9b337"), "book" : " Picture books " }
> db.book.insert({book: ' Choose the day to remember '}) # There is no write Permissions will fail
WriteResult({
"writeError" : {
"code" : 13,
"errmsg" : "not authorized on book to execute command { insert: \"book\", docum
ents: [ { _id: ObjectId('5959b650dcc047dfe5c9b338'), book: \" Choose the day to remember \" } ], ordered: true }"
}
})
Create an root super privilege account
This super power, which includes authorization and manipulation of database collection data, is relatively simple and requires only setting role to root
> use admin
switched to db admin
> db.auth('admin', '123456')
1
> db.createUser(
... {
... user: 'dongsheng',
... pwd: '123456',
... roles: [{role: 'root', db: 'admin'}]
... }
... )
Successfully added user: {
"user" : "dongsheng",
"roles" : [
{
"role" : "root",
"db" : "admin"
}
]
}
> db.auth('dongsheng', '123456')
1
> use book
switched to db book
> db.book.insert({book: ' The Legendary Swordsman '})
WriteResult({ "nInserted" : 1 })
> db.book.find()
{ "_id" : ObjectId("5959b59fdcc047dfe5c9b337"), "book" : " Picture books " }
{ "_id" : ObjectId("5959b7abdcc047dfe5c9b339"), "book" : " The Legendary Swordsman " }
conclusion