启动服务
D:\MongoDB\Server\3.6\bin>mongod.exe --dbpath D:\MongoDB\Server\3.6\data 扩展
无认证启动:mongod --port 27017 --dbpath /data/db
认证启动:mongod --auth --port 27017 --dbpath /data/db
连接:mongo --port 27017

查看MongoDB所有Role定义

$ ./mongo.exe
MongoDB shell version v3.6.5
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 3.6.5
use admin
switched to db admin
db.getRoles(
{
rolesInfo: 1,
showPrivileges:false,
showBuiltinRoles: true
}
)
[
{
"role" : "__queryableBackup",
"db" : "admin",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
},
{
"role" : "__system",
"db" : "admin",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
},
{
"role" : "backup",
"db" : "admin",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
},
{
"role" : "clusterAdmin",
"db" : "admin",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
},
{
"role" : "clusterManager",
"db" : "admin",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
},
{
"role" : "clusterMonitor",
"db" : "admin",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
},
{
"role" : "dbAdmin",
"db" : "admin",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
},
{
"role" : "dbAdminAnyDatabase",
"db" : "admin",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
},
{
"role" : "dbOwner",
"db" : "admin",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
},
{
"role" : "enableSharding",
"db" : "admin",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
},
{
"role" : "hostManager",
"db" : "admin",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
},
{
"role" : "read",
"db" : "admin",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
},
{
"role" : "readAnyDatabase",
"db" : "admin",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
},
{
"role" : "readWrite",
"db" : "admin",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
},
{
"role" : "readWriteAnyDatabase",
"db" : "admin",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
},
{
"role" : "restore",
"db" : "admin",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
},
{
"role" : "root",
"db" : "admin",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
},
{
"role" : "userAdmin",
"db" : "admin",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
},
{
"role" : "userAdminAnyDatabase",
"db" : "admin",
"isBuiltin" : true,
"roles" : [ ],
"inheritedRoles" : [ ]
}
]

创建一个用户(在数据库里新建用户,不指定db时默认指向当前db)

创建 db.createUser(用户名,密码,拥有的角色。角色可以写多个)

use test
switched to db test
db.createUser(
{
user: "banana",
pwd: "123456",
roles: [ "readWrite" ]
}
)
Successfully added user: { "user" : "banana", "roles" : [ "readWrite" ] }
db.getUsers()
[
{
"_id" : "test.banana",
"user" : "banana",
"db" : "test",
"roles" : [
{
"role" : "readWrite",
"db" : "test"
}
]
}
]

创建一个用户(在admin数据库里新建用户)

(可以写多个role-db组合)

use admin
switched to db admin
db.createUser(
{
user: "apple",
pwd: "qwer",
roles: [ {role:"read",db:"test"} ]
}
)
Successfully added user: {
"user" : "apple",
"roles" : [
{
"role" : "read",
"db" : "test"
}
]
}
db.getUsers()
[
{
"_id" : "admin.apple",
"user" : "apple",
"db" : "admin",
"roles" : [
{
"role" : "read",
"db" : "test"
}
]
}
]

修改密码

db.changeUserPassword("apple", "niudun")

删除用户(只会删除当前数据库里面已存在的用户)

db.dropUser("apple")
true

 下面测试权限,再创建2个用户

test

use test
switched to db test
db.createUser(
{
user: "peach",
pwd: "taozi",
roles: [
{role : "readWrite", db : "test"},
{role : "readWrite", db : "test2"}
]
}
)
Successfully added user: {
"user" : "peach",
"roles" : [
{
"role" : "readWrite",
"db" : "test"
},
{
"role" : "readWrite",
"db" : "test2"
}
]
}
db.getUsers()
[
{
"_id" : "test.banana",
"user" : "banana",
"db" : "test",
"roles" : [
{
"role" : "readWrite",
"db" : "test"
}
]
},
{
"_id" : "test.peach",
"user" : "peach",
"db" : "test",
"roles" : [
{
"role" : "readWrite",
"db" : "test"
},
{
"role" : "readWrite",
"db" : "test2"
}
]
}
]

admin

use admin
switched to db admin
db.createUser(
{
user: "pineapple",
pwd: "boluo",
roles: [ "readWrite", "userAdmin" ]
}
)
Successfully added user: { "user" : "pineapple", "roles" : [ "readWrite", "userAdmin" ] }
db.getUsers()
[
{
"_id" : "admin.apple",
"user" : "apple",
"db" : "admin",
"roles" : [
{
"role" : "read",
"db" : "test"
}
]
},
{
"_id" : "admin.pineapple",
"user" : "pineapple",
"db" : "admin",
"roles" : [
{
"role" : "readWrite",
"db" : "admin"
},
{
"role" : "userAdmin",
"db" : "admin"
}
]
}
]

先把服务开启认证重启

D:\MongoDB\Server\3.6\bin>mongod.exe --auth --dbpath D:\MongoDB\Server\3.6\data

 第一种连接方法(先进去再认证)

[d:\MongoDB\Server\3.6\bin]$ mongo.exe
MongoDB shell version v3.6.5
connecting to: mongodb://127.0.0.1:27017
MongoDB server version: 3.6.5
db.stats()
{
"ok" : 0,
"errmsg" : "not authorized on test to execute command { dbstats: 1.0, scale: undefined, $db: \"test\" }",
"code" : 13,
"codeName" : "Unauthorized"
}

访问之前需要先认证

db.auth("banana","123456")
1

查看数据库状态

db.stats()
{
"db" : "test",
"collections" : 2,
"views" : 0,
"objects" : 4,
"avgObjSize" : 73,
"dataSize" : 292,
"storageSize" : 32768,
"numExtents" : 0,
"indexes" : 2,
"indexSize" : 32768,
"fsUsedSize" : 41188569088,
"fsTotalSize" : 332861009920,
"ok" : 1
}

查看集合(也可以用show collections)

show tables
aaa
my_collection

查看集合里面的数据(已有的)

db.aaa.find()
{ "_id" : NumberLong(1), "name" : "BBB", "_class" : "com.example.demo.entity.Book" }
{ "_id" : NumberLong(2), "name" : "CCC", "_class" : "com.example.demo.entity.Book" }

切换admin数据库

use admin
switched to db admin
show tables
2018-08-10T12:59:43.551+0800 E QUERY [thread1] Error: listCollections failed: {
"ok" : 0,
"errmsg" : "not authorized on admin to execute command { listCollections: 1.0, filter: {}, $db: \"admin\" }",
"code" : 13,
"codeName" : "Unauthorized"
} :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
DB.prototype._getCollectionInfosCommand@src/mongo/shell/db.js:941:1
DB.prototype.getCollectionInfos@src/mongo/shell/db.js:953:19
DB.prototype.getCollectionNames@src/mongo/shell/db.js:964:16
shellHelper.show@src/mongo/shell/utils.js:842:9
shellHelper@src/mongo/shell/utils.js:739:15
@(shellhelp2):1:1

可以得出结论:用户存储在哪一个数据库(即 getUsers() 输出里的 db 字段、_id 的前缀),就只能在那一个数据库上认证

先用apple认证(因为没有赋予高级角色,所以不能访问高级内容)

db.auth("apple","niudun")
1
show dbs
2018-08-10T13:07:10.786+0800 E QUERY [thread1] Error: listDatabases failed:{
"ok" : 0,
"errmsg" : "not authorized on admin to execute command { listDatabases: 1.0, $db: \"admin\" }",
"code" : 13,
"codeName" : "Unauthorized"
} :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
Mongo.prototype.getDBs@src/mongo/shell/mongo.js:65:1
shellHelper.show@src/mongo/shell/utils.js:849:19
shellHelper@src/mongo/shell/utils.js:739:15
@(shellhelp2):1:1

我们知道这个apple是拥有test的读取权限的,但是它却存储在admin里,我们用它访问test试试

use admin
switched to db admin
db.auth("apple","niudun")
1
use test
switched to db test
show tables
aaa
my_collection
db.aaa.find()
{ "_id" : NumberLong(1), "name" : "BBB", "_class" : "com.example.demo.entity.Book" }
{ "_id" : NumberLong(2), "name" : "CCC", "_class" : "com.example.demo.entity.Book" }

我们还有一个pineapple,它的角色都没有涉及test,看它能不能访问

use admin
switched to db admin
db.auth("pineapple","boluo")
1
use test
switched to db test
show tables
2018-08-10T13:51:49.650+0800 E QUERY [thread1] Error: listCollections failed: {
"ok" : 0,
"errmsg" : "not authorized on test to execute command { listCollections: 1.0, filter: {}, $db: \"test\" }",
"code" : 13,
"codeName" : "Unauthorized"
} :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
DB.prototype._getCollectionInfosCommand@src/mongo/shell/db.js:941:1
DB.prototype.getCollectionInfos@src/mongo/shell/db.js:953:19
DB.prototype.getCollectionNames@src/mongo/shell/db.js:964:16
shellHelper.show@src/mongo/shell/utils.js:842:9
shellHelper@src/mongo/shell/utils.js:739:15
@(shellhelp2):1:1

那么暂时得出结论:创建在admin里面的用户,如果赋予访问其他数据库的权限,则在admin上通过认证之后,可以访问它权限范围内的数据库;否则不能。

那么普通数据库呢?

use test
switched to db test
db.auth("peach","taozi")
1
db.stats()
{
"db" : "test",
"collections" : 2,
"views" : 0,
"objects" : 4,
"avgObjSize" : 73,
"dataSize" : 292,
"storageSize" : 32768,
"numExtents" : 0,
"indexes" : 2,
"indexSize" : 32768,
"fsUsedSize" : 41192714240,
"fsTotalSize" : 332861009920,
"ok" : 1
}
use test2
switched to db test2
show tables
bbb
db.bbb.find()
{ "_id" : ObjectId("5b6d29e778212a9cb2bbd958"), "name" : "test2.bbb.data" }

这个peach用户拥有对test2数据库的访问权限。那么说:无论admin还是普通数据库,只要对创建的用户赋予访问其它数据库的权限,都是可以访问的。

如果不想逐个指定用户能访问哪些数据库,而是希望用户可以直接访问,那可以通过赋予高级角色来搞定

// 这里的pineapple拥有admin上的userAdmin角色,所以可以直接在admin里创建新用户并赋予角色
use admin
switched to db admin
db.auth("pineapple","boluo")
1
db.createUser(
{
user: "peach",
pwd: "taozi",
roles: ["dbAdminAnyDatabase"]
}
)
Successfully added user: { "user" : "peach", "roles" : [ "dbAdminAnyDatabase" ] }
db.getUsers()
[
{
"_id" : "admin.apple",
"user" : "apple",
"db" : "admin",
"roles" : [
{
"role" : "read",
"db" : "test"
}
]
},
{
"_id" : "admin.peach",
"user" : "peach",
"db" : "admin",
"roles" : [
{
"role" : "dbAdminAnyDatabase",
"db" : "admin"
}
]
},
{
"_id" : "admin.pineapple",
"user" : "pineapple",
"db" : "admin",
"roles" : [
{
"role" : "readWrite",
"db" : "admin"
},
{
"role" : "userAdmin",
"db" : "admin"
}
]
}
]
db.auth("peach","taozi")
1
use test
switched to db test
show tables
aaa
my_collection
use test2
switched to db test2
show tables
bbb

无意间又发现:不同数据库中即使用户名相同,它们也是相互独立的用户,互不影响!因为我的peach用户在test数据库里有一个,admin中也有一个(_id 分别是 test.peach 和 admin.peach)。

大概就这么多,有新的会补上

第二种连接方法(登录的时候就认证)

mongo.exe --port 27017 -u "用户名" -p "密码" --authenticationDatabase "认证数据库"

..

[d:\MongoDB\Server\3.6\bin]$ mongo.exe --port 27017 -u "peach" -p "taozi" --authenticationDatabase "admin"
MongoDB shell version v3.6.5
connecting to: mongodb://127.0.0.1:27017/
MongoDB server version: 3.6.5
db.stats()
{
"db" : "test",
"collections" : 2,
"views" : 0,
"objects" : 4,
"avgObjSize" : 73,
"dataSize" : 292,
"storageSize" : 32768,
"numExtents" : 0,
"indexes" : 2,
"indexSize" : 32768,
"fsUsedSize" : 41195212800,
"fsTotalSize" : 332861009920,
"ok" : 1
}
2018-08-10T14:42:32.210+0800 I CONTROL [thread2] CTRL_CLOSE_EVENT signal
2018-08-10T14:42:32.210+0800 I CONTROL [consoleTerminate] got CTRL_CLOSE_EVENT, will terminate after current cmd ends
2018-08-10T14:42:32.211+0800 I CONTROL [consoleTerminate] shutting down with code:12
[d:\MongoDB\Server\3.6\bin]$ mongo.exe --port 27017 -u "pineapple" -p "boluo" --authenticationDatabase "admin"
MongoDB shell version v3.6.5
connecting to: mongodb://127.0.0.1:27017/
MongoDB server version: 3.6.5
db.stats()
{
"ok" : 0,
"errmsg" : "not authorized on test to execute command { dbstats: 1.0, scale: undefined, $db: \"test\" }",
"code" : 13,
"codeName" : "Unauthorized"
}

我先用peach登录,因为admin中的peach拥有dbAdminAnyDatabase角色,所以默认进入test后可以直接访问。然而用pineapple登录,它仅仅拥有admin上的角色,所以进入test后是不能访问的。

我想说的是:我原以为登录后会自动切换到 --authenticationDatabase 指定的认证数据库,结果并不是,默认仍然进入test。

最后总结一下用到的命令

命令 说明
mongod.exe --auth --dbpath D:\MongoDB\Server\3.6\data 启动服务(认证状态)
use [db] 切换数据库,不存在即创建
show dbs 查看数据库列表
db.dropDatabase() 删除当前数据库
db.stats() 查看数据库状态信息
show tables/collections 查看当前数据库里的表(集合)
mongo.exe --port 27017 -u "peach" -p "taozi" --authenticationDatabase "admin" 以用户名密码认证登录
use admin
db.createUser(
{
user: "peach",
pwd: "taozi",
roles:
[
{ role: "readWrite", db: "test" },
"userAdmin"
]
}
)
创建用户,可以指定role-db组合。只写role时,db默认为当前数据库

use admin
   db.changeUserPassword("peach", "123")

修改密码。只能修改当前数据库下已存在的用户

use admin

db.dropUser("peach")

删除用户

db.dropAllUsers()

删除所有用户

use admin

db.getUser("peach")

获取用户信息

use admin

db.getUsers()

获取所有用户

use admin

db.auth("peach", "123" )

认证

db.collection.find()

列出集合里面的数据

db.collection.dataSize()

集合大小

db.collection.drop()

删除集合

db.collection.insert( { item: "card", qty: 15 } )

添加数据

概念对比:
