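1. User roles

Source: https://www.jianshu.com/p/79caa1cc49a5

read: allows the user to read the specified database
readWrite: allows the user to read and write the specified database
dbAdmin: allows the user to run administrative functions in the specified database, such as creating and dropping indexes, viewing statistics, or accessing system.profile
userAdmin: allows the user to write to the system.users collection, and to create, delete and manage users in the specified database
clusterAdmin: available only in the admin database; grants the user administrative privileges over all sharding- and replica-set-related functions.
readAnyDatabase: available only in the admin database; grants the user read access to all databases
readWriteAnyDatabase: available only in the admin database; grants the user read and write access to all databases
userAdminAnyDatabase: available only in the admin database; grants the user the userAdmin privilege on all databases
dbAdminAnyDatabase: available only in the admin database; grants the user the dbAdmin privilege on all databases.
root: available only in the admin database. Superuser account with full privileges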

2. Deploying MongoDB with Docker

2.1 Prepare the mapped directories

# Data files
mkdir -p /usr/local/mongodb/data
# Log files
mkdir -p /usr/local/mongodb/log

2.2 Deploy MongoDB with Docker

docker run --name mongo-server -p 27017:27017 -v /usr/local/mongodb/data:/data/db -v /usr/local/mongodb/log:/data/log -d mongo:3.6.18 --auth

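3. Setting database usernames and passwords

# After creating the mongo container, enter it
docker exec -it mongo-server /bin/bash

# Start the mongo shell
mongo

# Switch to the admin database
use admin

# Create a user with the superuser root role, or another broadly privileged role such as userAdminAnyDatabase; here I create a user named root with the root role
# Username: root, password: root, role: root, database: admin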
db.createUser({user:'root',pwd:'root',roles:[{role:'root',db:'admin'}]})


# Authenticate with db.auth('username','password'); a printed 1 means authentication succeeded
db.auth('root','root')


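# Next, create the user zhangsan for the database test_a_collection
# Switch to the database test_a_collection
use test_a_collection

# Create the user zhangsan with the dbOwner role, which means zhangsan has all privileges on the test_a_collection database
db.createUser({user:"zhangsan", pwd:"123456", roles:[{role: "dbOwner", db:"test_a_collection" }]})

# Log in as zhangsan
db.auth('zhangsan','123456')

# List the collections in the current database; it is a new database, so there are none, and printing nothing means success
show collections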

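In practice this fails with the error too many users are authenticated. That is fine and not a big problem: the error occurs because db.auth was used several times to authenticate multiple users.
Exit the current shell with exit and start the mongo shell again.
The steps are as follows: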

# Exit the current shell
exit

# Start the mongo shell again
mongo
use test_a_collection
db.auth('zhangsan','123456')
show collections

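You can go on to set usernames and passwords for test_b_collection, test_c_collection and other databases in the same way. The whole process of setting database usernames and passwords described above is shown below: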

[root@td3 ~]# docker run --name mongo-server -p 27017:27017 -v  /usr/local/mongodb/data:/data/db -v  /usr/local/mongodb/log:/data/log -d mongo:3.6.18 --auth
4909326775ab65418ff2e8b5d0aa19c5f633d02a2bb920592685bb5b282cb2ef
[root@td3 ~]# docker exec -it mongo-server /bin/bash
root@4909326775ab:/# mongo
MongoDB shell version v3.6.18
connecting to: mongodb://127.0.0.1:27017/?gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("7cb796e5-dada-4ec3-abb2-7049df197743") }
MongoDB server version: 3.6.18
Welcome to the MongoDB shell.
For interactive help, type "help".
For more comprehensive documentation, see
	http://docs.mongodb.org/
Questions? Try the support group
	http://groups.google.com/group/mongodb-user
> use admin
switched to db admin
>  db.createUser({user:'root',pwd:'root',roles:[{role:'root',db:'admin'}]})
Successfully added user: {
	"user" : "root",
	"roles" : [
		{
			"role" : "root",
			"db" : "admin"
		}
	]
}
> db.auth('root','root')
1
> use test_a_collection
switched to db test_a_collection
> db.createUser({user:"zhangsan", pwd:"123456", roles:[{role: "dbOwner", db:"test_a_collection" }]}) 
Successfully added user: {
	"user" : "zhangsan",
	"roles" : [
		{
			"role" : "dbOwner",
			"db" : "test_a_collection"
		}
	]
}
> db.auth('zhangsan','123456')
1
> show collections
2022-09-02T07:56:32.962+0000 E QUERY    [thread1] Error: listCollections failed: {
	"ok" : 0,
	"errmsg" : "too many users are authenticated",
	"code" : 13,
	"codeName" : "Unauthorized"
} :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
DB.prototype._getCollectionInfosCommand@src/mongo/shell/db.js:941:1
DB.prototype.getCollectionInfos@src/mongo/shell/db.js:953:19
DB.prototype.getCollectionNames@src/mongo/shell/db.js:964:16
shellHelper.show@src/mongo/shell/utils.js:853:9
shellHelper@src/mongo/shell/utils.js:750:15
@(shellhelp2):1:1
> exit
bye
root@4909326775ab:/# mongo
MongoDB shell version v3.6.18
connecting to: mongodb://127.0.0.1:27017/?gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("85042d42-2d92-4ece-b3d8-a8f1c83ed52e") }
MongoDB server version: 3.6.18
> use test_a_collection
switched to db test_a_collection
> db.auth('zhangsan','123456')
1
> show collections
> use test_b_collection
switched to db test_b_collection
> db.createUser({user:"lisi", pwd:"123456", roles:[{role: "dbOwner", db:"test_b_collection" }]}) 
2022-09-02T07:58:32.391+0000 E QUERY    [thread1] Error: couldn't add user: not authorized on test_b_collection to execute command { createUser: "lisi", pwd: "xxx", roles: [ { role: "dbOwner", db: "test_b_collection" } ], digestPassword: false, writeConcern: { w: "majority", wtimeout: 600000.0 }, lsid: { id: UUID("85042d42-2d92-4ece-b3d8-a8f1c83ed52e") }, $db: "test_b_collection" } :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
DB.prototype.createUser@src/mongo/shell/db.js:1437:15
@(shell):1:1
> exit
bye
root@4909326775ab:/# mongo
MongoDB shell version v3.6.18
connecting to: mongodb://127.0.0.1:27017/?gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("7a0e1ab2-0637-4e3c-9c6b-f2d8b228aa92") }
MongoDB server version: 3.6.18
> use admin
switched to db admin
> db.auth('root','root')
1
> use test_b_collection
switched to db test_b_collection
> db.createUser({user:"lisi", pwd:"123456", roles:[{role: "dbOwner", db:"test_b_collection" }]}) 
Successfully added user: {
	"user" : "lisi",
	"roles" : [
		{
			"role" : "dbOwner",
			"db" : "test_b_collection"
		}
	]
}
> db.auth('lisi','123456')
1
> show collections
2022-09-02T07:59:41.918+0000 E QUERY    [thread1] Error: listCollections failed: {
	"ok" : 0,
	"errmsg" : "too many users are authenticated",
	"code" : 13,
	"codeName" : "Unauthorized"
} :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
DB.prototype._getCollectionInfosCommand@src/mongo/shell/db.js:941:1
DB.prototype.getCollectionInfos@src/mongo/shell/db.js:953:19
DB.prototype.getCollectionNames@src/mongo/shell/db.js:964:16
shellHelper.show@src/mongo/shell/utils.js:853:9
shellHelper@src/mongo/shell/utils.js:750:15
@(shellhelp2):1:1
> exit
bye
root@4909326775ab:/# mongo
MongoDB shell version v3.6.18
connecting to: mongodb://127.0.0.1:27017/?gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("76b1f8a7-10d8-4a3f-924c-75e252e246ab") }
MongoDB server version: 3.6.18
> use test_b_collection
switched to db test_b_collection
> db.auth('lisi','123456')
1
> show collections
> db.createUser({user:"zhangsan", pwd:"123456", roles:[{role: "dbOwner", db:"test_b_collection" }]}) 
Successfully added user: {
	"user" : "zhangsan",
	"roles" : [
		{
			"role" : "dbOwner",
			"db" : "test_b_collection"
		}
	]
}
> db.auth('zhangsan','123456')
1
> exit
bye
root@4909326775ab:/# mongo
MongoDB shell version v3.6.18
connecting to: mongodb://127.0.0.1:27017/?gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("9bfea8c3-c827-47ea-b2a1-8e703992fe5d") }
MongoDB server version: 3.6.18
> use test_b_collection
switched to db test_b_collection
> db.auth('zhangsan','123456')
1
> show collections
> exit
bye
root@4909326775ab:/# mongo
MongoDB shell version v3.6.18
connecting to: mongodb://127.0.0.1:27017/?gssapiServiceName=mongodb
Implicit session: session { "id" : UUID("eef4c7d4-560f-44a7-a064-57106ee1cee0") }
MongoDB server version: 3.6.18
> use test_c_collection
switched to db test_c_collection
> db.createUser({user:"zhangsan", pwd:"123456", roles:[{role: "dbOwner", db:"test_c_collection" }]}) 
2022-09-02T08:03:54.556+0000 E QUERY    [thread1] Error: couldn't add user: there are no users authenticated :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
DB.prototype.createUser@src/mongo/shell/db.js:1437:15
@(shell):1:1
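
An added example (not part of the original post): a Node.js audit over user documents shaped like entries in admin.system.users, flagging the broad roles listed in section 1 and the accounts created in the session above. The sample documents are constructed from this page's createUser calls; the `app` user and the finding names are hypothetical.

```javascript
// Roles from section 1 that exist only in admin and reach every database.
const CLUSTER_WIDE = new Set(['root', 'clusterAdmin', 'readAnyDatabase',
  'readWriteAnyDatabase', 'userAdminAnyDatabase', 'dbAdminAnyDatabase']);
// Database-scoped roles that include user management: the holder can create
// users and grant roles there (lisi, a dbOwner, creates zhangsan in the transcript).
const CAN_MANAGE_USERS = new Set(['userAdmin', 'dbOwner']);

function auditUsers(users) {
  const findings = [];
  const dbsByName = new Map();
  for (const u of users) {
    const id = `${u.user}@${u.db}`;
    dbsByName.set(u.user, (dbsByName.get(u.user) || []).concat(u.db));
    for (const r of u.roles) {
      if (CLUSTER_WIDE.has(r.role)) {
        findings.push({ user: id, issue: 'cluster-wide',
          detail: `${r.role} applies to every database` });
      } else if (CAN_MANAGE_USERS.has(r.role)) {
        findings.push({ user: id, issue: 'can-manage-users',
          detail: `${r.role} on ${r.db} can create users and grant roles there` });
      }
    }
  }
  // Same name in several databases means separate accounts, each with its own
  // password and authentication database.
  for (const [name, dbs] of dbsByName) {
    if (dbs.length > 1) {
      findings.push({ user: name, issue: 'duplicate-name', detail: dbs.join(', ') });
    }
  }
  return findings;
}

// Constructed sample: the four users created on this page plus a hypothetical
// least-privilege application account for contrast.
const sampleUsers = [
  { user: 'root', db: 'admin', roles: [{ role: 'root', db: 'admin' }] },
  { user: 'zhangsan', db: 'test_a_collection',
    roles: [{ role: 'dbOwner', db: 'test_a_collection' }] },
  { user: 'lisi', db: 'test_b_collection',
    roles: [{ role: 'dbOwner', db: 'test_b_collection' }] },
  { user: 'zhangsan', db: 'test_b_collection',
    roles: [{ role: 'dbOwner', db: 'test_b_collection' }] },
  { user: 'app', db: 'test_a_collection',
    roles: [{ role: 'readWrite', db: 'test_a_collection' }] },
];

console.log(auditUsers(sampleUsers));
```

An application that only reads and writes documents needs readWrite rather than dbOwner, which is why the `app` account produces no finding.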
