The content of this article is an introduction to users and permissions in mongoDB. It has a good reference value and I hope it can help friends in need.
Preface
For databases, users and permissions are a very important part, because they involve security. So what are the users and permissions of mongoDB?
Instructions
Environment Description
The mongoDB version used in this article is 3.6, and the operating system is windows.
Other instructions
Due to space limitations, this article will not introduce the process from downloading to installing the database. Regarding installation tutorials, there are a large number of tutorials on the Internet. You can follow these tutorials to install and run it. This article will focus on the users and permissions part of mongoDB.
Server and client
For mongoDB, it is divided into server and client.
In the installation directory of the windows environment, double-click to open mongod.exe to start the mongoDB service.
When the service is started, you can double-click mongo.exe to open the client to connect to the mongoDB service.
Enable authorization mode
After mongoDB is installed, if you directly use mongod.exe to start the service, the default is not to enable authorization mode, if your mongoDB does not enable authorization mode , then anyone can log in to the mongoDB server without a username and password, and do whatever they want with your database, or even directly delete the database and run away. Therefore, in a production environment, please make sure you remember to turn on authorization mode.
So, how to enable authorization mode?
Open cmd, enter the bin directory of the installation directory, and execute the following command:
mongod --auth --port 27017 --dbpath /data/db
Copy after login
Copy after login
After turning on the authorization mode, open mongo.exe, and under the admin database, execute show dbs, at this time, the database will report an error, reminding you that there is no authorization. As follows:
##User type
mongoDB database is roughly divided into two types of users, one is the administrator user, the other is is an ordinary user.
Administrator
We create an administrator user (userAdmin or userAdminAnyDatabase role) in the admin database. The administrator user can manage ordinary users.
First, open the mongoDB service in
non-authorized mode.
mongod --port 27017 --dbpath /data/db
Copy after login
Then enter the admin database and execute the following command:
use admin
db.createUser(
{
user: "larry",
pwd: "123456",
roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
}
)Copy after login
When prompted Successfully added user, it proves that the administrator user has been added successfully.
Normal User
When the administrator user is successfully created, we can use this administrator user to create a normal user for each database.
First, close all mongo shell windows above.
Then open the mongoDB service in
authorization mode.
mongod --auth --port 27017 --dbpath /data/db
Copy after login
Copy after login
Open the mongo.exe client, enter the admin database, and log in with
db.auth().
The first parameter is the administrator user name larry created above, and the second parameter is the password of the administrator user larry.
The result returns 1, indicating that the administrator larry logged in successfully.
Next, use this administrator to create a normal user moddx for the photo_app database, and specify its permissions as readWrite.
use photo_app
db.createUser(
{
user: "moddx",
pwd: "123456",
roles: [{ role: "readWrite", db: "photo_app"}]
}
)Copy after login
View users
All global accounts
First, log in to the admin database with the
admin account, and then execute the following command:
db.system.users.find().pretty()
Copy after login
Accounts under the current library
View all global accounts, only administrators can view them, and view the accounts in the current library, Both ordinary users and administrator users can view it. The command to view the accounts under the current library is as follows:
show users
Copy after login
Delete user
Required An administrator account with dropUser rights can delete a user, so you need to log in with an administrator account to perform the operation.
The command to delete ordinary user moddx is as follows:
db.dropUser("moddx", {w: "majority", wtimeout: 5000})Copy after login
Revoke permissions
To revoke the permissions of a user, the command is as follows:
db.revokeRolesFromUser(
"moddx",
[
{ role: "readWrite", db: "photo_app" }
]
)Copy after login
Note: Although the above command revokes moddx The user has read and write permissions in the photo_app database. However, the user has not been deleted and can still log in.
Grant permissions
The following command gives user moddx read and write permissions in photo_app, and at the same time, gives him read permissions in the demodb database
use photo_app
db.grantRolesToUser(
"moddx",
[ "readWrite" , { role: "read", db: "demodb" } ],
{ w: "majority" , wtimeout: 4000 }
)Copy after login
Change password
The following command changes the password of user moddx in photo_app:
use photo_app
db.changeUserPassword("moddx", "newpwd")Copy after login
Summary
Regarding users and permissions, these are the common shell operation commands. I hope it can help you use mongoDB. Come for convenience.
Related recommendations:
[MongoDB] mongodb and php php mongodb update php connection mongodb php mongodb not authorize
MongoDB Journey (2) Basic Operations (MongoDB Javascript Shell)
The above is the detailed content of Introduction to users and permissions in mongoDB. For more information, please follow other related articles on the PHP Chinese website!
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
