Introduction to users and permissions in mongoDB

The content of this article is an introduction to users and permissions in mongoDB. It has a good reference value and I hope it can help friends in need.

Preface

For databases, users and permissions are a very important part, because they involve security. So what are the users and permissions of mongoDB?

Instructions

Environment Description

The mongoDB version used in this article is 3.6, and the operating system is windows.

Other instructions

Due to space limitations, this article will not introduce the process from downloading to installing the database. Regarding installation tutorials, there are a large number of tutorials on the Internet. You can follow these tutorials to install and run it. This article will focus on the users and permissions part of mongoDB.

Server and client

For mongoDB, it is divided into server and client.
In the installation directory of the windows environment, double-click to open mongod.exe to start the mongoDB service.
When the service is started, you can double-click mongo.exe to open the client to connect to the mongoDB service.

Enable authorization mode

After mongoDB is installed, if you directly use mongod.exe to start the service, the default is not to enable authorization mode, if your mongoDB does not enable authorization mode , then anyone can log in to the mongoDB server without a username and password, and do whatever they want with your database, or even directly delete the database and run away. Therefore, in a production environment, please make sure you remember to turn on authorization mode.

So, how to enable authorization mode?
Open cmd, enter the bin directory of the installation directory, and execute the following command:

mongod --auth --port 27017 --dbpath /data/db

After turning on the authorization mode, open mongo.exe, and under the admin database, execute show dbs, at this time, the database will report an error, reminding you that there is no authorization. As follows:

##User type

mongoDB database is roughly divided into two types of users, one is the administrator user, the other is is an ordinary user.

Administrator

We create an administrator user (userAdmin or userAdminAnyDatabase role) in the admin database. The administrator user can manage ordinary users.

First, open the mongoDB service in
non-authorized mode.

mongod --port 27017 --dbpath /data/db

Then enter the admin database and execute the following command:

use admin
db.createUser(
  {
    user: "larry",
    pwd: "123456",
    roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
  }
)

When prompted Successfully added user, it proves that the administrator user has been added successfully.

Normal User

When the administrator user is successfully created, we can use this administrator user to create a normal user for each database.

First, close all mongo shell windows above.
Then open the mongoDB service in
authorization mode.

mongod --auth --port 27017 --dbpath /data/db

Open the mongo.exe client, enter the admin database, and log in with

db.auth().

The first parameter is the administrator user name larry created above, and the second parameter is the password of the administrator user larry.

The result returns 1, indicating that the administrator larry logged in successfully.
Next, use this administrator to create a normal user moddx for the photo_app database, and specify its permissions as readWrite.

use photo_app
db.createUser(
{
  user: "moddx",
  pwd: "123456",
  roles: [{ role: "readWrite", db: "photo_app"}]
}
)

View users

All global accounts

First, log in to the admin database with the

admin account, and then execute the following command:

db.system.users.find().pretty()

Accounts under the current library

View all global accounts, only administrators can view them, and view the accounts in the current library, Both ordinary users and administrator users can view it. The command to view the accounts under the current library is as follows:

show users

Delete user

Required An administrator account with dropUser rights can delete a user, so you need to log in with an administrator account to perform the operation.

The command to delete ordinary user moddx is as follows:

db.dropUser("moddx", {w: "majority", wtimeout: 5000})

Revoke permissions

To revoke the permissions of a user, the command is as follows:

db.revokeRolesFromUser(
    "moddx",
    [
      { role: "readWrite", db: "photo_app" }
    ]
)

Note: Although the above command revokes moddx The user has read and write permissions in the photo_app database. However, the user has not been deleted and can still log in.

Grant permissions

The following command gives user moddx read and write permissions in photo_app, and at the same time, gives him read permissions in the demodb database

use photo_app
db.grantRolesToUser(
   "moddx",
   [ "readWrite" , { role: "read", db: "demodb" } ],
   { w: "majority" , wtimeout: 4000 }
)

Change password

The following command changes the password of user moddx in photo_app:

use photo_app
db.changeUserPassword("moddx", "newpwd")

Summary

Regarding users and permissions, these are the common shell operation commands. I hope it can help you use mongoDB. Come for convenience.

Related recommendations:

[MongoDB] mongodb and php php mongodb update php connection mongodb php mongodb not authorize

MongoDB Journey (2) Basic Operations (MongoDB Javascript Shell)

The above is the detailed content of Introduction to users and permissions in mongoDB. For more information, please follow other related articles on the PHP Chinese website!