Zero-base learning MongoDB (2) — user management

This is the ninth day of my participation in the August More text Challenge. For details, see: August More Text Challenge

I have listened to several teachers’ classes on THE B website, which involved some history of mongodb, such as database deletion and blackmail. Therefore, open databases are very dangerous, so we need to add administrative users to them, so as to add a wall for our data security

1. Administrator type

Mongodb provides a number of roles for managing databases in different situations:

0. Database user roles:read,readWrite
1. Database management roles:dbAdmin,dbOwner,userAdmin
2. Cluster management Role:clusterAdmin,clusterManager,clusterMonitor,hostManager
3. Backup and restoration Roles:backup,restore
4. All database roles:readAnyDatabase,readWriteAnyDatabase,userAdminAnyDatabase,dbAdminAnyDatabase
5. Superuser role:root

Special note: dbOwner is the owner of a certain database, and root has all permissions

2. Create a super administrator

The admin database of mongodb is a collection of all administrators

By default, mongodb does not enable authentication login. Before enabling authentication, you must create a super administrator to manage other accounts and configure CFG files to enable security authentication

If you type mongo on the command line before you enable security authentication, you will see a list like this.

1. Create a user

Use db.createUser to configure the user name, password, permission, and user managed database

 > use admin
 switched to db admin
 > db.createUser({user:"admin",pwd:"123456",roles:[{role:"root",db:"admin"}]})
 Successfully added user: {
         "user" : "admin",
         "roles" : [
                 {
                         "role" : "root",
                         "db" : "admin"
                 }
         ]
 }
Copy the code

Run the show users command to view the current users in the database

2. Enable authentication login

Modify the mongod-cfg file in the bin directory of the mongodb installation directory and add the following code

 security:
     authorization: enabled
Copy the code

Note: files that start with a # sign can be interpreted as comments, so you can turn security authentication off if you don’t want to

3. Restart the service

Win +R, enter services. MSC, and restart the mongodb Server

4. Verify the login

When we successfully turn on security authentication, and enter mongo directly on the command line, we will see only a little bit, much less than before

At the same time, when you enter show DBS to check the database, it will be found that there is no database. At this time, we need to log in to the account we registered previously and use the command to fill in the account and password respectively. 1 will be returned after successful login, otherwise 0 will be returned

 db.auth("admin","123456")
Copy the code

At this point we look at the database again and we can see the content,

Update the user password

 db.updateUser('admin',{pwd:'password'})
Copy the code

Operation demo

To change a user’s permission, you only need to change “PWD” to “role”

4. Delete a user

 db.dropUser('username')
Copy the code

Users can be deleted under the user who has the permission to delete the library

Create a database administrator

An administrator who can only manage the Test database has been created

 db.createUser({user:"test",pwd:"123456",roles:[{role: "dbOwner", db: "test" }]})
Copy the code

When logging in, we need to switch to the corresponding test library to verify the login

 use test
 db.auth("test","123456")
Copy the code

\