One, user and authority management

1. Common permissions

2. Create an administrative user

MongoDB has a user management mechanism, which is simply described as the management user group. The users of this group are specially designed to manage ordinary users, and are called administrators for the time being.

The administrator usually does not have the read and write permissions of the database, and only has the permission to operate the user. We only need to give the administrator the userAdminAnyDatabase role.In addition, the administrator account must be created under the admin database.

Since the user is created under which database, they can only log in in which database, so all users are created under the admin database.In this way, we do not need to log in frequently when we switch databases.

First use admin to switch to the admin database to log in, and then use to switch other databases to operate.The second use does not need to log in again.When MongoDB is set to use the second database, if the login user authority is relatively high, the second database can be directly operated without logging in.

> show dbs> use admin> show users> db.createUser({... user:"uaad",... pwd:"uaad",... roles:[ {... "role":"userAdminAnyDatabase",... "db":"admin"... }] }... )> show usersuser: usernamepwd: passwordcustomData: store user-related custom data, this attribute can also be ignored· roles: array type, configure the user's permissions

Turn on authentication and restart the service:

1. After the administrator account is created, you need to restart MongoDB and enable the authentication function.
2. Use the authentication function db.auth("username", "password") for authentication.A result of 1 is returned, indicating that the authentication is successful, and a return of 0 indicates that the authentication has failed.
3. After the login is successful, you can perform other operations with the permissions corresponding to the roles owned by the user, such as show dbss to view all database information again.

[[email protected] ~]# vim /usr/local/mongodb/bin/mongodb.conf#Enable authentication functionauth = true # short for authorization[[email protected] ~]# mongod -f /usr/local/mongodb/bin/mongodb.conf --shutdown[[email protected] ~]# mongod -f /usr/local/mongodb/bin/mongodb.conf[[email protected] ~]# mongo> show dbs # Can't see information without logging in> use admin # You can only log in users under the admin databaseswitched to db admin> db.auth("uaad", "uaad")1 # Return 1 for successful login, 0 for login failure> show dbsadmin 0.000GBconfig 0.000GBlocal 0.000GB

3. Create a common user

Requirements: Create a test database, add a user to the database, the user name is testuser, and the password is 123456.And grant the user read and write permissions to the test database.

1. The administrator logs in to the database

Ordinary users need to be created by the administrator user, so first log in to the database with the administrator user.

> use adminswitched to db admin> db.auth("uaad","uaad") 1

2. Create a database

MongoDB does not have a specific syntax for creating a database. When using use to switch the database, if the corresponding database does not exist, it will be created and switched directly.

> use testswitched to db test

3. Create user

> db.createUser({user:"testuser",pwd:"123456",roles:[{role:"readWrite",db:"test"}]})Successfully added user: {"user" : "testuser","roles" : [{"role" : "readWrite","db" : "test"}]}

4. Update user

1. Update roles

If we need to modify the role of an existing user, we can use the db.updateUser() function to update the user role.Note: Executing this function requires the current user to have the userAdmin or userAdminAnyDatabse or root role.

db.updateUser("username", {"roles":[{"role":"role name",db:"database"},{"update item 2":"update content"}]})

For example, add readWriteAnyDatabase and dbAdminAnyDatabase permissions to the uaad user just now.

> db.updateUser("uaad", {"roles":[{"role":"userAdminAnyDatabase",db:"admin"},{role:"readWriteAnyDatabase",db:"admin"},{role:"dbAdminAnyDatabase",db:"admin"}]})> show users{"_id" : "admin.uaad","userId" : UUID("b6532586-b403-4cb0-9a10-a0c84ee8ce9e"),"user" : "uaad","db" : "admin","roles" : [{"role" : "userAdminAnyDatabase","db" : "admin"},{"role" : "readWriteAnyDatabase","db" : "admin"},{"role" : "dbAdminAnyDatabase","db" : "admin"}],"mechanisms" : ["SCRAM-SHA-1","SCRAM-SHA-256"]}

2. Update password

There are two ways to update the user's password. When updating the password, you need to switch to the database where the user is located.NOTE: Needs to be executed as a user with userAdmin or userAdminAnyDatabse or root role:

• Use the db.updateUser("username", {"pwd":"new password"}) function to update the password
• Use the db.changeUserPassword("username", "new password") function to update the password

5. Delete user

The specified user can be deleted through the db.dropUser() function, and it will return true after the deletion is successful.When deleting a user, you need to switch to the database where the user is located.Note: A user with userAdmin or userAdminAnyDatabse or root role is required to delete other users.

> use adminswitched to db admin> db.auth("uaad", "uaad")1> use testswitched to db test> show users{"_id" : "test.testuser","userId" : UUID("ae6e219d-3c1c-41ba-a8d6-1ab6724dd480"),"user" : "testuser","db" : "test","roles" : [{"role" : "readWrite","db" : "test"}],"mechanisms" : ["SCRAM-SHA-1","SCRAM-SHA-256"]}> db.dropUser("testuser")true> show users