
How to control user rights in MongoDB

2025-01-19 Update From: SLTechnology News&Howtos


Shulou (Shulou.com) 05/31

This article explains how to control user rights in MongoDB. Many people are not familiar with the topic, so the key points are summarized below.

The syntax for creating users in MongoDB varies from version to version. The version I use here is 3.0.6. db.addUser() was used before version 3.0, but db.createUser() is used from 3.0 on. Calling db.addUser() on 3.0 or later reports the following error:

    > db.addUser('dba','dba')
    2017-11-17T13:17:08.001+0800 E QUERY    TypeError: Property 'addUser' of object admin is not a function

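If no user has been added to the database yet, you must first turn off authentication, that is, set auth=false, before you can enter the database and create the first user. While auth is off, anyone who can reach the listening address has unrestricted access, so turn it back on as soon as the first user exists.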

    [root@MidApp mongodb]# cat mongodb.conf
    # configuration file
    dbpath=/data/db
    logpath=/usr/local/mongodb/logs/mongodb.log
    logappend=true
    port=27000
    fork=true
    auth=false
    nohttpinterface=false
    bind_ip=192.168.221.161
    journal=false
    quiet=true

When you log in to the server, you can see only one database; the admin database is not listed:

    [root@MidApp mongodb]# mongo 192.168.221.161:27000
    MongoDB shell version: 3.0.6
    connecting to: 192.168.221.161:27000/test
    > show dbs
    local  0.078GB

Now you need to create an account that holds the grant permission, that is, the authority to manage accounts. Note that a MongoDB account belongs to the database in which it was created, so a user granted rights in a given database must also authenticate (auth) in that same database.

    > use admin
    switched to db admin
    > db.createUser({user: "dba", pwd: "dba", roles: [{role: "userAdminAnyDatabase", db: "admin"}]})
    Successfully added user: {"user": "dba", "roles": [{"role": "userAdminAnyDatabase", "db": "admin"}]}
    > db.system.users.find()
    {"_id": "admin.dba", "user": "dba", "db": "admin", "credentials": {"SCRAM-SHA-1": {"iterationCount": 10000, "salt": "MXvU7oJanxW7gPw+NwI7rw==", "storedKey": "lTPmK31qbk1YKmx5stmYiphsQZE=", "serverKey": "gVovcstiwC0nuU6LTXZAiWkucfA="}}, "roles": [{"role": "userAdminAnyDatabase", "db": "admin"}]}
    > db.system.users.find().pretty()
    {
        "_id": "admin.dba",
        "user": "dba",
        "db": "admin",
        "credentials": {
            "SCRAM-SHA-1": {
                "iterationCount": 10000,
                "salt": "MXvU7oJanxW7gPw+NwI7rw==",
                "storedKey": "lTPmK31qbk1YKmx5stmYiphsQZE=",
                "serverKey": "gVovcstiwC0nuU6LTXZAiWkucfA="
            }
        },
        "roles": [
            {
                "role": "userAdminAnyDatabase",
                "db": "admin"
            }
        ]
    }

You can see that a user dba with password dba and the userAdminAnyDatabase role on the admin database has been created. Take a look at the built-in roles in MongoDB:

1. Database user roles: read, readWrite;
2. Database management roles: dbAdmin, dbOwner, userAdmin;
3. Cluster management roles: clusterAdmin, clusterManager, clusterMonitor, hostManager;
4. Backup and restore roles: backup, restore;
5. All database roles: readAnyDatabase, readWriteAnyDatabase, userAdminAnyDatabase, dbAdminAnyDatabase
6. Superuser roles: root // several other roles provide superuser access directly or indirectly (dbOwner, userAdmin, userAdminAnyDatabase)
7. Internal role: __system

Take a look at the specific role definition:

read: allows the user to read the specified database
readWrite: allows the user to read and write the specified database
dbAdmin: allows the user to perform management functions in the specified database, such as creating and deleting indexes, viewing statistics or accessing system.profile
userAdmin: allows the user to write to the system.users collection, and to create, delete and manage users in the specified database
clusterAdmin: available only in the admin database, giving the user administrative rights to all sharding and replica set related functions
readAnyDatabase: available only in the admin database, giving the user read permissions on all databases
readWriteAnyDatabase: available only in the admin database, giving the user read and write permissions on all databases
userAdminAnyDatabase: available only in the admin database, giving the user userAdmin permissions on all databases
dbAdminAnyDatabase: available only in the admin database, giving the user dbAdmin permissions on all databases
root: available only in the admin database; the super account with super privileges
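
The role list above notes that some roles lead to superuser access directly or indirectly. The following is an added example, not code from the original article: it runs under Node.js and flags such roles in user documents shaped like the db.system.users.find() output shown earlier. The names classifyRole and auditUsers are hypothetical, and the sample users are constructed (the article's three users plus two invented accounts).

```javascript
// Added example: flag accounts whose roles allow privilege escalation.
// Input documents have the shape printed by db.system.users.find() above.

// classifyRole and auditUsers are hypothetical helper names, not MongoDB APIs.
function classifyRole(r) {
  const grantsUsers = r.role === "dbOwner" || r.role === "userAdmin";
  // root, and user administration over every database, are superuser access.
  if (r.role === "root" || r.role === "userAdminAnyDatabase") return "superuser-path";
  // userAdmin/dbOwner can grant any role to any user, themselves included:
  // scoped to admin that reaches the whole deployment, elsewhere one database.
  if (grantsUsers) return r.db === "admin" ? "superuser-path" : "can-self-grant-in-db";
  // __system is the internal role; it should not be held by a login account.
  if (r.role === "__system") return "internal-role";
  // readAnyDatabase, readWriteAnyDatabase, dbAdminAnyDatabase span all databases.
  if (r.role.endsWith("AnyDatabase")) return "all-databases";
  return null; // not flagged by this check
}

function auditUsers(users) {
  const findings = [];
  for (const u of users) {
    for (const r of u.roles || []) {
      const finding = classifyRole(r);
      if (finding) {
        findings.push({ account: u.db + "." + u.user, role: r.role + "@" + r.db, finding });
      }
    }
  }
  return findings;
}

// Constructed sample: the article's three users plus two hypothetical accounts.
const SAMPLE_USERS = [
  { user: "dba", db: "admin", roles: [{ role: "userAdminAnyDatabase", db: "admin" }] },
  { user: "zduser", db: "test", roles: [{ role: "read", db: "test" }] },
  { user: "dxuser", db: "test", roles: [{ role: "readWrite", db: "test" }] },
  { user: "appowner", db: "test", roles: [{ role: "dbOwner", db: "test" }] },
  { user: "reporter", db: "admin", roles: [{ role: "readAnyDatabase", db: "admin" }] },
];

for (const f of auditUsers(SAMPLE_USERS)) {
  console.log(f.account + " holds " + f.role + ": " + f.finding);
}
```

The read and readWrite users from the walkthrough produce no findings; the dba account is reported because userAdminAnyDatabase lets its holder grant any role to any user.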

Now turn the auth parameter on and verify the account.

    [root@MidApp mongodb]# mongo 192.168.221.161:27000
    MongoDB shell version: 3.0.6
    connecting to: 192.168.221.161:27000/test
    > show dbs    # not authenticated yet, so there is no permission
    2017-11-17T13:04:35.357+0800 E QUERY    Error: listDatabases failed: {
        "ok": 0,
        "errmsg": "not authorized on admin to execute command { listDatabases: 1.0 }",
        "code": 13
    }
        at Error (<anonymous>)
        at Mongo.getDBs (src/mongo/shell/mongo.js:47:15)
        at shellHelper.show (src/mongo/shell/utils.js:630:33)
        at shellHelper (src/mongo/shell/utils.js:524:36)
        at (shellhelp2):1:1 at src/mongo/shell/mongo.js:47
    > use admin    # the account was added in the admin database, so authenticate there
    switched to db admin
    > db.auth('dba','dba')
    1
    > show dbs
    admin  0.078GB
    local  0.078GB

As you can see, the dba user that was created has authenticated successfully. Next I'm going to create two users to verify the permissions of other roles: a read-only user and a read-write user.

    > use test
    switched to db test
    > db.createUser({user: "zduser", pwd: "zduser", roles: [{role: "read", db: "test"}]})
    Successfully added user: {"user": "zduser", "roles": [{"role": "read", "db": "test"}]}
    > db.createUser({user: "dxuser", pwd: "dxuser", roles: [{role: "readWrite", db: "test"}]})
    Successfully added user: {"user": "dxuser", "roles": [{"role": "readWrite", "db": "test"}]}
    > show users
    {"_id": "test.zduser", "user": "zduser", "db": "test", "roles": [{"role": "read", "db": "test"}]}
    {"_id": "test.dxuser", "user": "dxuser", "db": "test", "roles": [{"role": "readWrite", "db": "test"}]}
    >

Create a collection in the test database and verify the rights of these two users:

    > show tables    # userAdminAnyDatabase only covers user management; it grants no other permissions
    2017-11-17T13:47:39.845+0800 E QUERY    Error: listCollections failed: {
        "ok": 0,
        "errmsg": "not authorized on test to execute command { listCollections: 1.0 }",
        "code": 13
    }
        at Error (<anonymous>)
        at DB._getCollectionInfosCommand (src/mongo/shell/db.js:646:15)
        at DB.getCollectionInfos (src/mongo/shell/db.js:658:20)
        at DB.getCollectionNames (src/mongo/shell/db.js:669:17)
        at shellHelper.show (src/mongo/shell/utils.js:625:12)
        at shellHelper (src/mongo/shell/utils.js:524:36)
        at (shellhelp2):1:1 at src/mongo/shell/db.js:646
    > exit
    bye
    [root@MidApp mongodb]# mongo 192.168.221.161:27000    # log in again
    MongoDB shell version: 3.0.6
    connecting to: 192.168.221.161:27000/test
    > use test
    switched to db test
    > db.tb1.insert({"a": 1, "b": 2})    # try inserting data before authenticating
    WriteResult({
        "writeError": {
            "code": 13,
            "errmsg": "not authorized on test to execute command { insert: \"tb1\", documents: [ { _id: ObjectId('5a0f595b3b6523dcb81d4f76'), a: 1.0, b: 2.0 } ], ordered: true }"
        }
    })
    > db.auth('dxuser','dxuser')    # authenticate as the read-write user
    1
    > db.tb1.insert({"a": 1, "b": 2})    # data can now be inserted
    WriteResult({"nInserted": 1})
    > db.tb1.insert({"a": 11, "b": 22})
    WriteResult({"nInserted": 1})
    > db.tb1.insert({"a": 111, "b": 222})
    WriteResult({"nInserted": 1})
    > db.tb1.find()
    {"_id": ObjectId("5a0f597f3b6523dcb81d4f77"), "a": 1, "b": 2}
    {"_id": ObjectId("5a0f59933b6523dcb81d4f78"), "a": 11, "b": 22}
    {"_id": ObjectId("5a0f59983b6523dcb81d4f79"), "a": 111, "b": 222}
    > db.auth('zduser','zduser')    # switch to the read-only user
    1
    > db.tb1.insert({"a": 1111, "b": 2222})    # no permission to insert data
    WriteResult({
        "writeError": {
            "code": 13,
            "errmsg": "not authorized on test to execute command { insert: \"tb1\", documents: [ { _id: ObjectId('5a0f59c63b6523dcb81d4f7a'), a: 1111.0, b: 2222.0 } ], ordered: true }"
        }
    })
    > db.tb1.find()    # the data can still be read
    {"_id": ObjectId("5a0f597f3b6523dcb81d4f77"), "a": 1, "b": 2}
    {"_id": ObjectId("5a0f59933b6523dcb81d4f78"), "a": 11, "b": 22}
    {"_id": ObjectId("5a0f59983b6523dcb81d4f79"), "a": 111, "b": 222}
    >

After working through the above, you should have a better understanding of how to control user rights in MongoDB.
