Shulou(Shulou.com)06/01 Report--

First, create an administrator account

Let's start to create an account that requires grant permission, that is, the authorization permission for account management. Note that the account follows the library, so authorization in the specified library must also be verified in the specified library (auth).

> use admin

Switched to db admin

> db.createUser (

{

User: "dba"

Pwd: "dba"

Roles: [{role: "userAdminAnyDatabase", db: "admin"}]

}

)

two。 Edit the mongodb configuration file to open the verification module

Security:

Authorization: enabled

3. Restart mongod.

4. Log in to mongodb again

# mongo

> show dbs

2017-01-10T19:30:30.924+0800 E QUERY [main] Error: listDatabases failed: {

"ok": 0

"errmsg": "not authorized on admin to execute command {listDatabases: 1.0}"

"code": 13

"codeName": "Unauthorized"

}

5. The above error will be reported because the auth module needs to be verified after it is opened. If you need to use the administrator account you just created, you need to verify it under the admin library. 1 indicates that the verification is successful.

> use admin

> db.auth ('dba','dba')

one

6. Verify success and execute the command again:

> show dbs

Admin 0.000GB

Local 0.000GB

It can be executed successfully.

Second, create ordinary user accounts

The role of userAdminAnyDatabase has permission to create a user under any database. Let's create a normal user with the dba user you just created.

1. Create a read-only account

Use db1

Db.createUser (

{

User: "test1"

Pwd: "test1"

Roles: [{role: "read", db: "db1"}]

}

)

two。 Create a read-write account

Use db1

Db.createUser (

{

User: "test2"

Pwd: "test2"

Roles: [{role: "readWrite", db: "db1"}]

}

)

Note: only users created under the current library can authenticate under the current library, and users of other libraries created under the admin library need to authenticate under admin.

Create a Super Admin user

MongoDB has built-in root role after V3.0, that is, it combines readWriteAnyDatabase, dbAdminAnyDatabase, userAdminAnyDatabase and clusterAdmin4 role permissions, which is similar to ORACLE's sysdba role, but the super administrator user name of MongoDB can be defined at will. Of course, such a highly privileged user is still not recommended.

Db.createUser (

{

User: "dbroot"

Pwd: "dbroot"

Roles: [{role: "root", db: "admin"}]

}

)

4. View user information

Db.getUser ("test1")

> db.getUser ("test1")

{

"_ id": "admin.test1"

"user": "test1"

"db": "admin"

"roles": [

{

"role": "clusterAdmin"

"db": "admin"

}

]

}

5. Modify user information

The following information of the user can be modified:

Roles, passwords, customData

Db.updateUser ("test1"

{

CustomData: {employeeID: "0x3039"}

Roles: [

{role: "read", db: "admin"}

]

Pwd: "test1password"

}

)

Change the user's password

Db.changeUserPassword ("user", "password")

7. Delete users

Db.system.users.remove ({user: "user1"})

Db.dropUser ("test1")

VIII. Authorization to users

If the original permission remains unchanged, the permission granted to readWrite,read admin:

Db.grantRolesToUser (

"test1"

["readWrite"

{role: "read", db: "admin"}

]

)

IX. Recall authority

Reclaim the readWrite and read admin permissions of the test1 user.

Db.revokeRolesFromUser (

"test1"

[{role: "read", db: "admin"}

"readWrite"

]

)

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.