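Environment
MongoDB shell version: 3.2.6
Win7
Setup
User permission settings
1. Enter the mongodb shell: mongo
2. Switch to the admin database: use admin
Since version 3.0 there is only the local database by default and no admin database, so we have to create it ourselves.
3. Add a user, specifying the user's roles and database: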
db.createUser({
  user: "admin",
  customData: { description: "superuser" },
  pwd: "admin",
  roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
})
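The user field is the name of the new user;
the pwd field is the user's password;
the customData field holds arbitrary content, for example a description of the user's full name;
the roles field specifies the user's roles. An empty array gives the new user no roles. The roles field accepts both built-in roles and user-defined roles.
4. View the created users: show users or db.system.users.find()
5. Enable user authorization:
Edit the configuration file and add:
security:
  authorization: enabled
Restart mongodb:
net stop mongodb
net start mongodb
6. Authenticate as the user:
Once user authentication is enabled, logging in to the mongo shell again and running commands such as show dbs fails with a "not authorized" message. You now have to authenticate, in the database where the user was created (admin):
db.auth("admin","admin")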
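Other
Built-in roles
1. Database user roles: read, readWrite;
2. Database administration roles: dbAdmin, dbOwner, userAdmin;
3. Cluster administration roles: clusterAdmin, clusterManager, clusterMonitor, hostManager;
4. Backup and restore roles: backup, restore;
5. All-database roles: readAnyDatabase, readWriteAnyDatabase, userAdminAnyDatabase, dbAdminAnyDatabase
6. Superuser role: root
7. // Several other roles also provide system superuser access, directly or indirectly (dbOwner, userAdmin, userAdminAnyDatabase)
8. Internal role: __system
Configuration file example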
# The settings that can be configured in the configuration file are listed here
# Mongod config file
# MongoDB configuration files use the YAML format.
# The following example configuration file contains several mongod settings.
#
######## Example Start ########
#systemLog:
#  destination: file
#  path: "/var/log/mongodb/mongodb.log"
#  logAppend: true
#storage:
#  journal:
#    enabled: true
#processManagement:
#  fork: true
#net:
#  bindIp: 127.0.0.1
#  port: 27017
#setParameter:
#  enableLocalhostAuthBypass: false
#
######## Example End ########
#
######## Core Options
systemLog:
#  verbosity: 0  # Default: 0; 1 to 5 increases the verbosity level to include Debug messages.
#  quiet: <boolean>
#  traceAllException: <boolean>
#  syslogFacility: user
  path: "/usr/local/mongodb/log/mongod.log"
  logAppend: true
#  logRotate: <string>  # rename or reopen
  destination: file
#  timeStampFormat: iso8601-local
#  component:
#    accessControl:
#      verbosity: 0
#    command:
#      verbosity: 0
#    ## COMMENT additional component verbosity settings omitted for brevity
#    storage:
#      verbosity: 0
#      journal:
#        verbosity: <int>
#    write:
#      verbosity: 0
#
#
######## Process Management Options
processManagement:
  fork: true
  pidFilePath: "/usr/local/mongodb/log/mongod.pid"
#
#
######### Net Options
net:
  port: 27017
#  bindIp: <string>  # Default All interfaces.
#  maxIncomingConnections: 65536
#  wireObjectCheck: true
#  ipv6: false
#  unixDomainSocket:
#    enabled: true
#    pathPrefix: "/tmp"
#    filePermissions: 0700
#  http:
#    enabled: false
#    JSONPEnabled: false
#    RESTInterfaceEnabled: false
#  ssl:
#    sslOnNormalPorts: <boolean>  # deprecated since 2.6
#    mode: <string>
#    PEMKeyFile: <string>
#    PEMKeyPassword: <string>
#    clusterFile: <string>
#    clusterPassword: <string>
#    CAFile: <string>
#    CRLFile: <string>
#    allowConnectionsWithoutCertificates: <boolean>
#    allowInvalidCertificates: <boolean>
#    allowInvalidHostnames: false
#    FIPSMode: <boolean>
#
#
######## security Options
#security:
#  keyFile: <string>
#  clusterAuthMode: keyFile
#  authorization: disable
#  javascriptEnabled: true
######## security.sasl Options
#  sasl:
#    hostName: <string>
#    serviceName: <string>
#    saslauthdSocketPath: <string>
#
#
######### setParameter Option
setParameter:
  enableLocalhostAuthBypass: false
#  <parameter1>: <value1>
#  <parameter2>: <value2>
#
#
######### storage Options
storage:
  dbPath: "/data/db"
#  indexBuildRetry: true
#  repairPath: "/data/db/_tmp"
#  journal:
#    enabled: true
#  directoryPerDB: false
#  syncPeriodSecs: 60
  engine: "mmapv1"  # Valid options include mmapv1 and wiredTiger.
######### storage.mmapv1 Options
#  mmapv1:
#    preallocDataFiles: true
#    nsSize: 16
#    quota:
#      enforced: false
#      maxFilesPerDB: 8
#    smallFiles: false
#    journal:
#      debugFlags: <int>
#      commitIntervalMs: 100  # 100 or 30
######### storage.wiredTiger Options
#  wiredTiger:
#    engineConfig:
#      cacheSizeGB: <number>  # Default: the maximum of half of physical RAM or 1 gigabyte
#      statisticsLogDelaySecs: 0
#      journalCompressor: "snappy"
#      directoryForIndexes: false
#    collectionConfig:
#      blockCompressor: "snappy"
#    indexConfig:
#      prefixCompression: true
#
#
########## operationProfiling Options
#operationProfiling:
#  slowOpThresholdMs: 100
#  mode: "off"
#
#
########## replication Options
#replication:
#  oplogSizeMB: <int>
#  replSetName: <string>
#  secondaryIndexPrefetch: all
#
#
########## sharding Options
#sharding:
#  clusterRole: <string>  # configsvr or shardsvr
#  archiveMovedChunks: True
#
#
######### auditLog Options
#auditLog:
#  destination: <string>  # syslog/console/file
#  format: <string>  # JSON/BSON
#  path: <string>
#  filter: <string>
#
#
######### snmp Options
#snmp:
#  subagent: <boolean>
#  master: <boolean>
#
#
######## mongos-only Options
#replication:
#  localPingThresholdMs: 15
#
#sharding:
#  autoSplit: true
#  configDB: <string>
#  chunkSize: 64
#
#
######## Windows Service Options
#processManagement:
#  windowsService:
#    serviceName: <string>
#    displayName: <string>
#    description: <string>
#    serviceUser: <string>
#    servicePassword: <string>
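A check for step 5 against a configuration file like the one above, as an added example that is not part of the original post: it parses the nested key: value subset of YAML that mongod.conf uses and reports settings that leave access control off, treating commented-out keys as absent. The function names and both sample texts are constructed for illustration, and the bindIp finding relies on the example file's own "Default All interfaces" comment.

```python
import re

def parse_conf(text):
    """Parse the nested 'key: value' subset of YAML that mongod.conf uses."""
    root = {}
    stack = [(-1, root)]                       # (indent, mapping) pairs
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).rstrip()  # commented-out keys do not count
        if not line:
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = (s.strip() for s in line.strip().partition(":"))
        while stack[-1][0] >= indent:          # close deeper and sibling sections
            stack.pop()
        value = value.strip('"')
        stack[-1][1][key] = value or {}
        if not value:                          # a bare 'key:' opens a section
            stack.append((indent, stack[-1][1][key]))
    return root

def lookup(conf, dotted):
    for part in dotted.split("."):             # walk e.g. 'security.authorization'
        conf = conf.get(part) if isinstance(conf, dict) else None
    return conf

def audit(text):
    conf, findings = parse_conf(text), []
    if lookup(conf, "security.authorization") != "enabled":
        findings.append("security.authorization is not enabled")
    if lookup(conf, "net.bindIp") is None:     # per the example file's comment
        findings.append("net.bindIp is unset (listens on all interfaces)")
    if lookup(conf, "setParameter.enableLocalhostAuthBypass") != "false":
        findings.append("localhost auth bypass is not disabled")
    return findings

# Constructed sample: the access-related lines of the example file, security still commented out.
BEFORE = """\
net:
  #bindIp: <string> # Default All interfaces.
#security:
#  authorization: disable
setParameter:
  enableLocalhostAuthBypass: false
"""
# Constructed sample: the same text after step 5, plus an assumed loopback bindIp.
AFTER = BEFORE.replace("#security:\n#  authorization: disable",
                       "security:\n  authorization: enabled").replace("#bindIp: <string>", "bindIp: 127.0.0.1")
print("before:", audit(BEFORE), "after:", audit(AFTER))
```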