--- layout: post title: MongoDB用户角色授权与AUTH启用 category: 技术 tags: MongoDB keywords: description: --- {:toc} **dbAdmin 在db范围内包括下面的权限:** - collStats - dbHash - dbStats - find - killCursors - listIndexes - listCollections - dropCollection 和 createCollection on system.profile only **userAdmin在db范围内包括如下权限:** - changeCustomData - changePassword - createRole - createUser - dropRole - dropUser - grantRole - revokeRole - viewRole - viewUser readAnyDatabase: 对所有数据库中的collection可读,同时包含listDatabases权限 readWriteAnyDatabase:对所有数据库中的collection可读且可写,同时包含listDatabases权限 userAdminAnyDatabase: 对所有数据库拥有userAdmin角色,同时包含listDatabases权限 dbAdminAnyDatabase: 对所有数据库拥有dbAdmin角色,同时包含listDatabases权限 cluster: clusterMonitor、hostManager、clusterManager、clusterAdmin root: 包含 readWriteAnyDatabase, dbAdminAnyDatabase, userAdminAnyDatabase 和 clusterAdmin 等角色。 但不能访问system. 开头的collection(root does not include any access to collections that begin with the system. prefix.) __system 超级角色 ## 实例: 将json参数放入createUser方法中 ### 1.创建mongo用户,角色为dbAdmin db.createUser() ```JSON { user:"test1", pwd:"123456", roles:[ { role:"dbAdmin", db:"test" } ] } ``` ### 2.创建mongo用户,角色为userAdmin db.createUser() ```JSON { user:"test2", pwd:"123456", roles:[ { role:"userAdmin", db:"test" } ] } ``` ### 3.创建mongo用户,角色为__system 当前验证只能用于admin库 db.createUser() ```JSON { user:"test4", pwd:"123456", roles:[ { role:"__system", db:"admin" } ] } ``` ### 4.创建mongo用户,角色为clusterAdmin 当前验证只能用于admin库 db.createUser() ```JSON { user:"test6", pwd:"123456", roles:[ { role:"clusterAdmin", db:"admin" } ] } ``` ### 5.创建mongo用户,角色为clusterManager 当前验证只能用于admin库 db.createUser() ```JSON { user:"test7", pwd:"123456", roles:[ { role:"clusterManager", db:"test" } ] } ``` ### 6.创建mongo用户,角色为hostManager 当前验证只能用于admin库 db.createUser() ```JSON { user:"test8", pwd:"123456", roles:[ { role:"hostManager", db:"admin" } ] } ``` ### 7.创建mongo用户,角色为clusterMonitor 当前验证只能用于admin库 db.createUser() ```JSON { user:"test9", pwd:"123456", roles:[ { role:"clusterMonitor", db:"admin" } ] } ``` ### 8.创建mongo用户,角色为userAdminAnyDatabase 当前验证只能用于admin库 db.createUser() ```JSON { user:"test10", pwd:"123456", roles:[ { role:"userAdminAnyDatabase", db:"admin" } ] } ``` ### 9.创建mongo用户,角色为readAnyDatabase 当前验证只能用于admin库 db.createUser() ```JSON { user:"test11", pwd:"123456", roles:[ { role:"readAnyDatabase", db:"admin" } ] } ``` ### 10.创建mongo用户,角色为readWriteAnyDatabase 当前验证只能用于admin库 db.createUser() ```JSON { user:"test12", pwd:"123456", roles:[ { role:"readWriteAnyDatabase", db:"admin" } ] } ``` ### 11.创建mongo用户,角色为userAdminAnyDatabase 当前验证只能用于admin库 db.createUser() ```JSON { user:"test13", pwd:"123456", roles:[ { role:"userAdminAnyDatabase", db:"admin" } ] } ``` ### 12.创建mongo用户,角色为dbAdminAnyDatabase 当前验证只能用于admin库 db.createUser() ```JSON { user:"test14", pwd:"123456", roles:[ { role:"dbAdminAnyDatabase", db:"admin" } ] } ``` ### 13.创建mongo用户,角色为root 当前验证只能用于admin库 db.createUser() ```JSON { user:"test15", pwd:"123456", roles:[ { role:"root", db:"admin" } ] } ``` ### 14.创建mongo用户,角色为backup 当前验证只能用于admin库 db.createUser() ```JSON { user:"test16", pwd:"123456", roles:[ { role:"backup", db:"admin" } ] } ``` ### 15.创建mongo用户,角色为dbOwner 当前验证只能用于admin库 db.createUser() ```JSON { user:"test17", pwd:"123456", roles:[ { role:"dbOwner", db:"admin" } ] } ``` ### 16.创建mongo用户,角色为read db.createUser() ```JSON { user:"test18", pwd:"123456", roles:[ { role:"read", db:"test" } ] } ``` ### 17.创建mongo用户,角色为readWrite db.createUser() ```JSON { user:"test20", pwd:"123456", roles:[ { role:"readWrite", db:"test" } ] } ``` ### 18.创建mongo用户,角色为restore 当前验证只能用于admin库 db.createUser() ```JSON { user:"test21", pwd:"123456", roles:[ { role:"restore", db:"admin" } ] } ``` ### 19.创建mongo用户,角色为enableSharding db.createUser() ```JSON { user:"test23", pwd:"123456", roles:[ { role:"enableSharding", db:"test" } ] } ``` ### 20.创建mongo用户,角色为enableSharding和root 即用户可以担任多个角色 db.createUser() ```JSON { user:"test24", pwd:"123456", roles:[ { role:"root", db:"admin" }, { role:"enableSharding", db:"test" } ] } ``` ### 查看指定用户权限 **需要管理员权限** db.runCommand( ```json { usersInfo:"test2", showPrivileges:true } ``` ) ### 修改用户密码 **需要管理员权限,并且要在用户所在的db中操作** use mydb db.changeUserPassword("username", "xxx")