An Example Analysis of the Role Descriptions in MongoDB User and Permission Management

Updated: 2025-01-17. From: SLTechnology News&Howtos

Shulou (Shulou.com), 05/31

This article walks through the roles used in MongoDB user and permission management. The editor finds it very practical and shares it here as a reference.

After MongoDB is installed, the auth module is not enabled by default, so ordinary users and super administrators alike can operate without authentication. Running unprotected like this is risky, so it is safer to turn on the auth module.

First of all, you need to know the following:

1. MongoDB has no default administrator account, so add an administrator account first and then enable authentication.

2. Switch to the admin database; an account added there is an administrator account.

3. A user can only log in to the database in which it was created. This includes the administrator account.

4. The administrator can manage all databases, but cannot do so directly from another database; it must first authenticate against the admin database. This is a little odd.
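The four points above as a mongosh session, written as two functions. This is an added example, not code from the original article; the names `siteAdmin`, `appUser` and `appdb` are constructed, and the functions take the shell's `db` object as a parameter.

```javascript
// Added example for mongosh; siteAdmin, appUser and appdb are constructed names.
// In the shell: createFirstUsers(db, passwordPrompt(), passwordPrompt())

// Phase 1: run while mongod is still started WITHOUT authentication.
function createFirstUsers(db, adminPwd, appPwd) {
  const created = [];
  // The first administrator has to be created in the "admin" database.
  db.getSiblingDB("admin").createUser({
    user: "siteAdmin",
    pwd: adminPwd,
    roles: [{ role: "userAdminAnyDatabase", db: "admin" }],
  });
  created.push("admin.siteAdmin");
  // An application account is created in the database it will log in to.
  db.getSiblingDB("appdb").createUser({
    user: "appUser",
    pwd: appPwd,
    roles: [{ role: "readWrite", db: "appdb" }],
  });
  created.push("appdb.appUser");
  return created;
}

// Phase 2: after restarting mongod with --auth (or security.authorization: enabled
// in mongod.conf), the administrator authenticates against "admin" first and
// only then works in other databases.
function adminSession(db, adminPwd) {
  const ok = db.getSiblingDB("admin").auth("siteAdmin", adminPwd);
  if (!ok) throw new Error("authentication against admin failed");
  // userAdminAnyDatabase can now view and manage the users of another database.
  return db.getSiblingDB("appdb").getUsers();
}
```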

1. Description of user permission role

1.1 Database User Roles

read

Allows users to read the specified database.

Provides the ability to read data on all non-system collections and on the following system collections: system.indexes, system.js, and system.namespaces collections.

It has the following permissions:

aggregate, checkShardingIndex, cloneCollectionAsCapped, collStats, count, dataSize, dbHash, dbStats, distinct, filemd5, geoNear, geoSearch, geoWalk, group, mapReduce (inline output only), text (beta feature)

readWrite

Allows users to read and write to the specified database.

Provides all the privileges of the read role and the ability to modify data on all non-system collections and the system.js collection.

In addition to the read permissions, it has the following permissions:

cloneCollection (as the target database), convertToCapped, create (and to create collections implicitly), drop(), dropIndexes, emptycapped, ensureIndex(), findAndModify, mapReduce (output to a collection), renameCollection (within the same database)

read and readWrite only grant permission to operate on the collections in the database.

1.2 Database Administration Roles

dbAdmin

Allows users to perform administrative functions in the specified database, such as creating and deleting indexes, viewing statistics, or accessing system.profile.

Provides the ability to perform administrative tasks such as schema-related tasks, indexing, gathering statistics. This role does not grant privileges for user and role management.

It has the following permissions:

clean, collMod, collStats, compact, convertToCapped, create, db.createCollection(), dbStats, drop(), dropIndexes, ensureIndex(), indexStats, profile, reIndex, renameCollection (within a single database), validate

dbOwner

Provides the ability to perform any administrative action on the database. This role combines the privileges granted by the readWrite, dbAdmin and userAdmin roles.

userAdmin

Allows users to write to the system.users collection, and to create, delete, and manage users in the specified database.

Provides the ability to create and modify roles and users on the current database. Since the userAdmin role allows users to grant any privilege to any user, including themselves, the role also indirectly provides superuser access to either the database or, if scoped to the admin database, the cluster.

1.3 Cluster Administration Roles

clusterAdmin

Available only in the admin database, giving users administrative rights to all sharding and replica set related functions.

Provides the greatest cluster-management access. This role combines the privileges granted by the clusterManager, clusterMonitor, and hostManager roles. Additionally, the role provides the dropDatabase action.

It has the following permissions:

addShard, closeAllDatabases, connPoolStats, connPoolSync, _cpuProfilerStart, _cpuProfilerStop, cursorInfo, diagLogging, dropDatabase, enableSharding, flushRouterConfig, fsync, db.fsyncUnlock(), getCmdLineOpts, getLog, getParameter, getShardMap, getShardVersion, hostInfo, db.currentOp(), db.killOp(), listDatabases, listShards, logRotate, moveChunk, movePrimary, netstat, removeShard, unsetSharding, repairDatabase, replSetFreeze, replSetGetStatus, replSetInitiate, replSetMaintenance, replSetReconfig, replSetStepDown, replSetSyncFrom, resync, serverStatus, setParameter, setShardVersion, shardCollection, shardingState, shutdown, splitChunk, splitVector, split, top, touch

clusterManager

Provides management and monitoring actions on the cluster. A user with this role can access the config and local databases, which are used in sharding and replication, respectively.

clusterMonitor

Provides read-only access to monitoring tools, such as the MongoDB Cloud Manager and Ops Manager monitoring agent.

hostManager

Provides the ability to monitor and manage servers.

1.4 Backup and Restoration Roles

backup

Provides privileges needed to back up data. This role provides sufficient privileges to use the MongoDB Cloud Manager backup agent, Ops Manager backup agent, or to use mongodump.

restore

Provides privileges needed to restore data with mongorestore without the --oplogReplay option or without system.profile collection data.

1.5 All-Database Roles

readAnyDatabase

Available only in the admin database, giving users read access to all databases.

Provides the same read-only permissions as read, except it applies to all but the local and config databases in the cluster. The role also provides the listDatabases action on the cluster as a whole.

readWriteAnyDatabase

Available only in the admin database, giving users read and write access to all databases.

Provides the same read and write permissions as readWrite, except it applies to all but the local and config databases in the cluster. The role also provides the listDatabases action on the cluster as a whole.

userAdminAnyDatabase

Available only in the admin database, giving users userAdmin permissions for all databases.

Provides the same access to user administration operations as userAdmin, except it applies to all but the local and config databases in the cluster.

Since the userAdminAnyDatabase role allows users to grant any privilege to any user, including themselves, the role also indirectly provides superuser access.

dbAdminAnyDatabase

Available only in the admin database, giving users dbAdmin permissions for all databases.

Provides the same access to database administration operations as dbAdmin, except it applies to all but the local and config databases in the cluster. The role also provides the listDatabases action on the cluster as a whole.

1.6 Superuser Roles

root

Available only in the admin database. The superuser account, with superuser privileges.

Provides access to the operations and all the resources of the readWriteAnyDatabase, dbAdminAnyDatabase, userAdminAnyDatabase, clusterAdmin, restore, and backup roles combined.
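The notes on userAdmin, dbOwner, userAdminAnyDatabase and root above can be turned into a review of existing accounts. The following is an added example, not part of the original article: it flags every role grant that gives superuser access directly or indirectly, and assumes user documents with the `user`, `db` and `roles` fields that the `usersInfo` command returns (the sample users are constructed).

```javascript
// Roles the article describes as superuser, or indirectly superuser, for the cluster.
const CLUSTER_WIDE = new Set(["root", "userAdminAnyDatabase"]);
// Roles that carry userAdmin's privileges; their reach depends on the role's database.
const INCLUDES_USER_ADMIN = new Set(["userAdmin", "dbOwner"]);

// Returns "cluster", "database:<name>", or null when the grant cannot self-escalate.
function escalationScope(grant) {
  if (CLUSTER_WIDE.has(grant.role)) return "cluster";
  if (INCLUDES_USER_ADMIN.has(grant.role)) {
    return grant.db === "admin" ? "cluster" : `database:${grant.db}`;
  }
  return null;
}

// Only built-in roles granted directly are checked; custom roles that inherit
// from them are not resolved here.
function auditUsers(users) {
  const findings = [];
  for (const u of users) {
    for (const grant of u.roles || []) {
      const scope = escalationScope(grant);
      if (scope) findings.push({ user: `${u.db}.${u.user}`, role: grant.role, scope });
    }
  }
  return findings;
}

// Constructed sample, shaped like the "users" array in a usersInfo reply.
const SAMPLE_USERS = [
  { user: "report", db: "sales", roles: [{ role: "read", db: "sales" }] },
  { user: "app", db: "sales", roles: [{ role: "readWrite", db: "sales" },
                                      { role: "dbOwner", db: "sales" }] },
  { user: "ops", db: "admin", roles: [{ role: "clusterMonitor", db: "admin" },
                                      { role: "userAdmin", db: "admin" }] },
  { user: "dba", db: "admin", roles: [{ role: "dbAdminAnyDatabase", db: "admin" }] },
  { user: "helpdesk", db: "admin", roles: [{ role: "userAdminAnyDatabase", db: "admin" }] },
];

console.log(auditUsers(SAMPLE_USERS));
```

In the sample, `ops` and `helpdesk` are reported with cluster scope even though neither holds root, and `app` is reported as effective superuser of the `sales` database through dbOwner.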
