创建用户和角色
https://docs.mongodb.com/manual/core/authorization/
1.在未开启用户访问控制的实例下创建管理员账户
use admin
// 示例密码 "123456" 为弱口令,仅用于演示;实际环境请使用强密码,或用 passwordPrompt()(4.2 及以上的 shell)交互输入,避免明文留在命令历史中
db.createUser({user: "myUserAdmin", pwd: "123456", roles: [ { role: "userAdminAnyDatabase", db: "admin" }, "readWriteAnyDatabase" ]})
2.配置mongo的用户认证并重启实例
vim /opt/mongo_27017/conf/mongodb.conf
security:
  authorization: enabled
#重启
systemctl restart mongod.service
3.使用管理员账户登陆
mongo --authenticationDatabase "admin" -u "myUserAdmin" -p
4.使用管理员账户创建普通用户并查看
use test
db.createUser(
{
user: "noruser",
pwd: "123456",
roles: [ { role: "readWrite", db: "readWrite" },
{ role: "read", db: "read" } ]
}
)
db.getUsers()
5.使用管理员账户创建测试库
use readWrite
db.write.insertOne({"name":"read_write"})
use read
db.read.insertOne({"name":"onlyread"})
6.退出管理员账户并使用刚才创建的普通用户登陆
mongo --authenticationDatabase "test" -u "noruser" -p
show dbs
use readWrite
show tables
db.write.insertOne({"name":"json"}) // 正常写入
db.write.find()
use read
show tables
db.read.find()
db.read.insertOne({"name":"bobo"}) // 应该报错:noruser 在 read 库只有 read 角色
7.修改用户权限
mongo --authenticationDatabase "admin" -u "myUserAdmin" -p
use test
// 注意:updateUser 会用这里给出的 roles 数组整体替换原有角色,而不是追加;同时传入 pwd 会重设该用户的密码
db.updateUser(
  'noruser',
  {
    pwd: "123456",
    roles: [ { role: "readWrite", db: "readWrite" },
             { role: "readWrite", db: "read" },
             { role: "readWrite", db: "test" } ]
  }
)
db.getUsers()
8.使用普通账户测试修改后的权限
mongo --authenticationDatabase "test" -u "noruser" -p
show dbs
use readWrite
show tables
db.write.insertOne({"name":"json"}) // 正常写入
db.write.find()
use read
show tables
db.read.find()
db.read.insertOne({"name":"bobo"}) // 正常写入
9.删除用户
mongo --authenticationDatabase "admin" -u "myUserAdmin" -p
use test
db.getUsers()
db.dropUser("noruser")
db.getUsers()
