Shulou(Shulou.com)05/31 Report--

This article mainly introduces the mongodb-based user rights management example analysis, has a certain reference value, interested friends can refer to, I hope you can learn a lot after reading this article, the following let the editor take you to understand it.

Start mongodb and connect

. / bin/mongod-f conf/mongod.conf./bin/mongo 127.0.0.1 purl 12345

View the default database situation

> show dbsadmin 0.000GBlocal 0.000GB > use adminswitched to db admin > show tablessystem.version

As you can see, there is nothing but some basic information in the database at present.

Before creating and setting user permissions, take a look at the documentation.

Create a user

# demodb.createUser ({user: "reportsUser", pwd: "12345678", roles: [{role: "read", db: "reporting"}, {role: "read", db: "products"}, {role: "read", db: "sales"}, {role: "readWrite", db: "accounts"}]})

Database built-in role

Database user role

Read (read the specified database)

ReadWrite (read and write specified database)

Database management role

DbAdmin (database administrator)

DbOwner (database owner, merged with readWrite, dbAdmin and userAdmin roles.)

UserAdmin (user administrator who can find the specified database to create, delete and manage users)

Cluster management role

ClusterAdmin (Cluster Administrator)

ClusterManager (Cluster Manager)

ClusterMonitor (collection monitor)

HostManager (host manager)

Backup recovery role

Backup (backup)

Restore (restore)

All database roles

ReadAnyDatabase (read any database)

ReadWriteAnyDatabase (read and write any database)

UserAdminAnyDatabase (user manages any database)

DbAdminAnyDatabase (any database administrator)

Superuser role

Root

Internal role

_ _ system

With the creation syntax and parameter description, let's start the practice.

Note that the account is bound with the database, authorized in that library, and verified (auth) in that library.

Otherwise, it will fail.

Create an account to manage authorized permissions

> db.createUser (. {. User: 'admin',... Pwd: '123456. Roles: [{role: 'userAdminAnyDatabase', db:' admin'}]. }) Successfully added user: {"user": "admin", "roles": [{"role": "userAdminAnyDatabase", "db": "admin"}]}

Then exit the database

> use adminswitched to db admin > db.shutdownServer ()

Restart mongodb and remember to add auth = true to the configuration file mongod.conf

. / bin/mongod-f conf/mongod.conf./bin/mongo 127.0.0.1 conf/mongod.conf./bin/mongo 12345 > show dbs # No authentication, no permission, error will occur "errmsg": "not authorized on admin to execute command > use admin > db.auth ('admin',' 123456')" returns 1 indicates authorization success, 0 indicates failure > show dbs # has been authorized and can be viewed

Create an account with read and write permissions

> use bookswitched to db book > db.createUser (. {... User: 'zhangsan',... Pwd: 'zhangsan',... Roles: [{role: 'read', db:' book'}]. }) Successfully added user: {"user": "zhangsan", "roles": [{"role": "read", "db": "book"}]} > db.createUser (. {. User: 'lisi',... Pwd: 'lisi',... Roles: [{role: 'readWrite', db:' book'}]. }) Successfully added user: {"user": "lisi", "roles": [{"role": "readWrite", "db": "book"}]} > show users {"_ id": "book.lisi", "user": "lisi", "db": "book", "roles": [{"role": "readWrite" "db": "book"}} {"_ id": "book.zhangsan", "user": "zhangsan", "db": "book", "roles": [{"role": "read", "db": "book"}]}

Then verify that the user permissions are correct

> db.book.insert ({book: 'comic book'}) # failed to verify WriteResult ({"writeError": {"code": 13, "errmsg": "not authorized on book to execute command {insert:\" book\ ", documents: [{_ id: ObjectId ('5959b56edcc047dfe5c9b336'), book:\" comic book\ "}], ordered: true}"}) > db.auth (' lisi' 'lisi') 1 > db.book.insert ({book:' comic book'}) WriteResult ({"nInserted": 1}) > db.auth ('zhangsan',' zhangsan') # users cut to zhangsan1 > db.book.find () # you can view {"_ id": ObjectId ("5959b59fdcc047dfe5c9b337"), "book": "comic book"} > db.book.insert ({book: 'choosing days'}) # No write permission Will fail WriteResult ({"writeError": {"code": 13, "errmsg": "not authorized on book to execute command {insert:\" book\ ", documents: [{_ id: ObjectId ('5959b650dcc047dfe5c9b338'), book:\" Nature selection\ "}], ordered: true}"}})

Create a root super privilege account

This super permission includes authorizing and manipulating database collection data, which is relatively simple, as long as role is set to root

> use adminswitched to db admin > db.auth ('admin',' 123456') 1 > db.createUser (. {. User: 'dongsheng',... Pwd: '123456. Roles: [{role: 'root', db:' admin'}]. }) Successfully added user: {"user": "dongsheng", "roles": [{"role": "root", "db": "admin"}]} > db.auth ('dongsheng' '123456') 1 > use bookswitched to db book > db.book.insert ({book:' The Smiling、Proud Wanderer'}) WriteResult ({"nInserted": 1}) > db.book.find () {"_ id": ObjectId ("5959b59fdcc047dfe5c9b337"), "book": "comic book"} {"_ id": ObjectId ("5959b7abdcc047dfe5c9b339"), "book": "The Smiling、Proud Wanderer"} Thank you for reading this article carefully I hope the article "sample Analysis of user Rights Management based on mongodb" shared by the editor will be helpful to you. At the same time, I also hope that you will support and pay attention to the industry information channel. More related knowledge is waiting for you to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.