1.用户权限结构图
2.可以优先创建标红的MongoDB用户
3.创建用户命令列表
创建用户一定要在具体的db下执行
use admin
Root用户:
db.createUser({user:"root", pwd:“pwd", roles:[{role:"root", db:"admin"}]})(一般不要用这个用户)
仅次于ROOT用户的:
db.createUser({ user:'admin',pwd:'pwd',
roles:[
{role:'clusterAdmin',db:'admin'},
{role:'userAdminAnyDatabase',db:'admin'},
{role:'dbAdminAnyDatabase',db:'admin'},
{role:'readWriteAnyDatabase',db:'admin'}
]})
门管理用户的:
db.createUser({user:"userAdmin", pwd:“pwd", roles:[{role:"userAdminAnyDatabase", db:"admin"}]})
备份用户的:
db.createUser({user:"backup", pwd:" pwd ", roles:[{role:"backup", db:"admin"}]})
恢复用户:
db.createRole({role:'restoreEx', ,privileges:[{resource:{anyResource:true},actions:['anyAction']}],roles:[{role:"restore", db:"admin"}]})(这个权限开的太大了)
db.createRole({role:‘restoreEx’, ,privileges:[{resource:{db:“config”,collection:“system.sessions”},actions:[‘find’,‘insert’,‘remove’,‘update’]}],roles:[{role:“restore”, db:“admin”}]})(优先这个)
db.adminCommand({ createRole: "restoreEx", privileges: [ { resource: { db: "config", collection: "system.sessions" }, actions: [ "find", "update", "insert", "remove" ] }, ], roles: [ { role: "restore", db: "admin" } ], writeConcern: { w: "majority" , wtimeout: 5000 }})
删除用户:
db.dropUser(“xxx”);
删除角色:
db.dropRole(“‘restoreEx”);
修改密码:
db.changeUserPassword("restore",“pwd")
权限与用户:
db.grantRolesToUser("restore", [{role:"restoreEx",db:"admin"}])
db.revokeRolesFromUser("admin",["restore"])
权限与角色:
db.getRole( "restore", { showPrivileges: true } )
db. grantPrivilegesToRole("restore", [{resource:{db:"config",collection:"system.sessions"},actions:['find','insert','remove','update']}])
4.其它:
show users:只显示具体某个DB的用户
db.system.users.find():显示的是整个集群里的所有用户
来源:oschina
链接:https://my.oschina.net/u/4490756/blog/3217849