Mongodb3.0 UserManager



MongoDB 3.0 made its permission model more fine-grained, so here I run some tests on how permissions are configured.

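In older versions, creating users was relatively simple, and so was managing them. To create a user with administrator privileges, you only had to create that user in the admin database.
In version 3.0, however, that no longer works.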

So I decided to use the new built-in roles in 3.0, starting by configuring and testing them.

> use admin
switched to db admin

The show roles command lists all the built-in roles. (The output is too long to show here; take a look yourself.)

Here I create a user in admin that has database administration, user administration, and read/write permissions on all databases.

> db.createUser({"user":"lwl","pwd":"123456","roles":["userAdminAnyDatabase","dbAdminAnyDatabase","readWriteAnyDatabase"]})
Successfully added user: { "user" : "lwl", "roles" : [ "userAdminAnyDatabase", "dbAdminAnyDatabase", "readWriteAnyDatabase" ]}

Take a look at the roles that were configured.

> db.system.users.findOne()
{ "_id" : "admin.lwl", "user" : "lwl", "db" : "admin", "credentials" : { "SCRAM-SHA-1" : { "iterationCount" : 10000, "salt" : "BqS7rXSb5m8EjToOH1MV8g==", "storedKey" : "jDbR83pTp8USD3xvsZUdT1ngfco=", "serverKey" : "U3LnlS1RMRssLMbRso2Aa9Xg46A=" } }, "roles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" }, { "role" : "dbAdminAnyDatabase", "db" : "admin" }, { "role" : "readWriteAnyDatabase", "db" : "admin" } ]}

OK, no problems. Now let's see whether the other databases can see this role.

> show dbs
admin 0.078GB
local 0.078GB
storm 0.078GB
> use storm
switched to db storm
> db.system.user.findOne()
null

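All right, the other databases don't have it. Let's start the server in authentication mode and see the effect. (The steps for starting in authentication mode are omitted.)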

[[email protected] mongodb]# ./bin/mongo
MongoDB shell version: 3.0.3
connecting to: test
> show dbs
2015-08-26T08:32:19.757+0800 E QUERY Error: listDatabases failed:{ "ok" : 0, "errmsg" : "not authorized on admin to execute command { listDatabases: 1.0 }", "code" : 13}
    at Error (<anonymous>)
    at Mongo.getDBs (src/mongo/shell/mongo.js:47:15)
    at shellHelper.show (src/mongo/shell/utils.js:630:33)
    at shellHelper (src/mongo/shell/utils.js:524:36)
    at (shellhelp2):1:1 at src/mongo/shell/mongo.js:47

As you can see, a user has to authenticate before any operation is allowed.

> use storm
switched to db storm
> db.auth("lwl","123456")
Error: 18 Authentication failed.
0

I first went to the storm database to authenticate the user. It failed, which is about what I expected. Next we go to the admin database.

> use admin
switched to db admin
> db.auth("lwl","123456")
1
> show collections
system.indexes
system.users
system.version

Good, authentication succeeded, and the collections can be listed too. Let's try some further operations.

> db.system.users.find()
{ "_id" : "admin.lwl", "user" : "lwl", "db" : "admin", "credentials" : { "SCRAM-SHA-1" : { "iterationCount" : 10000, "salt" : "BqS7rXSb5m8EjToOH1MV8g==", "storedKey" : "jDbR83pTp8USD3xvsZUdT1ngfco=", "serverKey" : "U3LnlS1RMRssLMbRso2Aa9Xg46A=" } }, "roles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" }, { "role" : "dbAdminAnyDatabase", "db" : "admin" }, { "role" : "readWriteAnyDatabase", "db" : "admin" } ] }
> db.test.insert({"name":"lwl"})
WriteResult({ "nInserted" : 1 })
> db.test.find()
{ "_id" : ObjectId("55dd0aa2631947e3a47874fc"), "name" : "lwl" }

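OK, reading and writing both work. Now let's see whether the other databases can be operated on. After all, the roles we configured cover all databases.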

> use storm
switched to db storm
> show collections
system.indexes
word
> db.word.find()
{ "_id" : ObjectId("557eb5be12339719a5bb7c5e"), "text" : "My Name Is LWL", "isReader" : false }
> db.word.insert({"test":"haha"})
WriteResult({ "nInserted" : 1 })

No problems. Next, let's try managing the roles of this database.

> db.createUser({"user":"storm_r","pwd":"123456","roles":["read"]})
Successfully added user: { "user" : "storm_r", "roles" : [ "read" ] }
> show collections
system.indexes
word

Role management succeeded. But system.user is not shown here. It is probably still in admin. Let's go and look.

> use admin
switched to db admin
> db.system.users.find()
{ "_id" : "admin.lwl", "user" : "lwl", "db" : "admin", "credentials" : { "SCRAM-SHA-1" : { "iterationCount" : 10000, "salt" : "BqS7rXSb5m8EjToOH1MV8g==", "storedKey" : "jDbR83pTp8USD3xvsZUdT1ngfco=", "serverKey" : "U3LnlS1RMRssLMbRso2Aa9Xg46A=" } }, "roles" : [ { "role" : "userAdminAnyDatabase", "db" : "admin" }, { "role" : "dbAdminAnyDatabase", "db" : "admin" }, { "role" : "readWriteAnyDatabase", "db" : "admin" } ] }
{ "_id" : "storm.storm_r", "user" : "storm_r", "db" : "storm", "credentials" : { "SCRAM-SHA-1" : { "iterationCount" : 10000, "salt" : "S+v0xePkoHo3ADwgxrTf5A==", "storedKey" : "zwSlyIOMjaVUChIv9nPNhn7HWak=", "serverKey" : "teM4iyEu3IjPq/SmCB4SAoUfMzQ=" } }, "roles" : [ { "role" : "read", "db" : "storm" } ] }

Good, we can see this user. Let's test whether it takes effect.

> exit
bye
[[email protected] mongodb]# ./bin/mongo
MongoDB shell version: 3.0.3
connecting to: test
> use storm
switched to db storm
> db.auth("storm_r","123456")
1
> show collections
system.indexes
word
> db.word.find()
{ "_id" : ObjectId("557eb5be12339719a5bb7c5e"), "text" : "My Name Is LWL", "isReader" : false }
{ "_id" : ObjectId("55dd0b51631947e3a47874fd"), "test" : "haha" }
> db.word.insert({"test":"write"})
WriteResult({ "writeError" : { "code" : 13, "errmsg" : "not authorized on storm to execute command { insert: \"word\", documents: [ { _id: ObjectId('55dd0e3f7f4b634eafacb5e3'), test: \"write\" } ], ordered: true }" }})

OK, no problems. The built-in roles in 3.0 turn out to be quite convenient, and more powerful too.
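
As an added example (not part of the original post), the JavaScript below audits user documents shaped like the admin.system.users output above: it reports the database each user must authenticate against, flags roles that apply to every database or can grant roles, and models the insert test. The function names are hypothetical and the role model is a simplification (built-in roles only; custom roles and system collections are ignored).

```javascript
// Added example (not from the original post): audit user documents shaped
// like the admin.system.users output above. Credentials are omitted.
// Assumption: simplified model of built-in roles only.
const ANY_DB = new Set(["readAnyDatabase", "readWriteAnyDatabase",
  "dbAdminAnyDatabase", "userAdminAnyDatabase", "root"]);
const GRANTS_ROLES = new Set(["userAdmin", "userAdminAnyDatabase", "dbOwner", "root"]);
const WRITES = new Set(["readWrite", "readWriteAnyDatabase", "dbOwner", "root"]);

// True when one role assignment covers database `target`.
function covers(assignment, target) {
  return ANY_DB.has(assignment.role) || assignment.db === target;
}

// Model of the write test in the post: may this user insert into `target`?
function canWrite(userDoc, target) {
  return userDoc.roles.some((r) => WRITES.has(r.role) && covers(r, target));
}

// Report where the user must authenticate and which roles deserve review.
function auditUser(userDoc) {
  const findings = [];
  for (const r of userDoc.roles) {
    if (ANY_DB.has(r.role)) findings.push(`${r.role}: applies to every database`);
    if (GRANTS_ROLES.has(r.role)) {
      // Holders of user-admin roles can grant roles, including to themselves.
      const scope = ANY_DB.has(r.role) || r.db === "admin" ? "all databases" : r.db;
      findings.push(`${r.role}: can grant roles on ${scope}`);
    }
  }
  return { user: userDoc.user, authDb: userDoc.db, findings };
}

// The two users created in the post (roles copied from its output).
const users = [
  { _id: "admin.lwl", user: "lwl", db: "admin", roles: [
    { role: "userAdminAnyDatabase", db: "admin" },
    { role: "dbAdminAnyDatabase", db: "admin" },
    { role: "readWriteAnyDatabase", db: "admin" } ] },
  { _id: "storm.storm_r", user: "storm_r", db: "storm", roles: [
    { role: "read", db: "storm" } ] },
];

for (const u of users) {
  const a = auditUser(u);
  console.log(`${a.user} (authenticate on "${a.authDb}")`);
  a.findings.forEach((f) => console.log(`  review: ${f}`));
}
```

The user-admin finding matters most in review: a user with userAdminAnyDatabase can assign itself any other role, so it should be treated as equivalent to a superuser account.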


