創建用戶
use admin
db.createUser(
{
user: "admin",
pwd: "admin",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
}
)
2、
use test
db.createUser(
{
user: "test",
pwd: "test",
roles: [ { role: "readWrite", db: "test" }]
}
)
3.查看權限
Use admin
db.createUser(
{
user: "local",
pwd: "local",
roles: [ { role: "read", db: "local" }]
}
)
創建角色
收回權限
db.revokeRolesFromUser(
"reportsUser",
[
{ role: "readWrite", db: "accounts" }
]
)
授權
db.grantRolesToUser(
"reportsUser",
[
{ role: "read", db: "accounts" }
]
)
創建ADMIN用戶
創建admin用戶
admin = db.getSiblingDB("admin")
admin.createUser(
{
user: "admin",
pwd: "admin",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
}
)
db.grantRolesToUser('admin', [{role:'clusterAdmin',db:'admin'}])
關閉數據庫
use admin
db.shutdownServer()
登錄到primary
db.getSiblingDB("admin").auth("admin", "admin" )
創建用戶
db.getSiblingDB("admin").createUser(
{
"user" : "clusterAdmin",
"pwd" : "clusterAdmin",
roles: [ { "role" : "clusterAdmin", "db" : "admin" } ]
}
)
修改密碼
db.changeUserPassword('password','newPassword');
授權數據庫
db.getSiblingDB("dbname").auth("db", "password" )
查看用戶及角色
查看當前數據庫用戶
db.system.users.find();
Db.getUsers();
Db.getUser(‘admin’);
查看用戶的權限
db.getUser("reportsUser")
查看角色授予的用戶
db.getRole( "readWrite", { showPrivileges: true } )
刪除用戶
db.dropUser(‘admin’)
重建ADMIN用戶
不小心把admin用戶刪除了,重新admin用戶無法創建,報錯爲:
Error: couldn't add user: not authorized on admin to execute command 。。。.
如何重新報建admin用戶呢?
思路:
A: 在mongodb.conf中註釋掉security認證部分
B: 重啓MONGO
C:創建用戶 admin
D:修改配置文件打開security認證部分且重新啓動
主從DB上註釋安全認證部分
1) vi /etc/mongod.conf
註釋下面的內容
#security:
# clusterAuthMode: keyFile
# keyFile: /data/mongodb/key/repl_set.key
# authorization: enabled
重新啓動Mongo
systemctl restart mongod.service
Master上創建用戶
use admin
db.system.users.find()
db.dropUser("admin")
db.system.users.remove({user:"admin"})
db.createUser({user:"userName",pwd:"password",roles:["readWrite"]})
db.grantRolesToUser("admin",[{ role: "clusterAdmin", db: "admin" }]);
db.grantRolesToUser("admin",[{ role: "userAdminAnyDatabase", db: "admin" }]);
db.grantRolesToUser("admin",[{ role: "root", db: "admin" }]);
在主和從 mongo DB servers上打開註釋
vi /etc/mongod.conf
//打開下面的內容
security:
clusterAuthMode: keyFile
keyFile: /data/mongodb/key/repl_set.key
authorization: enabled
重新啓動
systemctl restart mongod
啓動後可以按如下進行數據庫授權訪問了
> use admin
> db.auth("userName","password")
如果允許slave 讀操作,則在slave上執行 rs.slaveOk(); 就OK