📅 最后修改于: 2020-11-23 01:05:49 🧑 作者: Mango
mongo DB用户管理命令包含与用户相关的命令。我们可以使用以下用户管理命令来创建,删除和更新用户。
MongoDB createUser命令为我们运行命令的数据库创建一个新用户。如果用户已经存在,它将返回重复的用户错误。
句法:
{
createUser: "",
pwd: ""
customData: { },
roles: [
{ role: "", db: "" } | "",
...
],
writeConcern: { },
authenticationRestrictions: [
{ clientSource: [ "", ... ], serverAddress: [ "", ... ] },
...
],
mechanisms: [ "", ...],
digestPassword:
}
createUser命令具有以下字段:
| Field | Type | Description |
|---|---|---|
| createUser | string | This field contains the name of the new user. |
| pwd | string | This field contains the user’s password. The value can be either the user’s password in cleartext string or passwordPrompt() to prompt for the user’s password. |
| customData | document | This field contains the data that an admin wishes to associate with the particular user. |
| roles | array | The field grants any role to the user. |
| digestPassword | boolean | The digestPassword indicates that it is a server or a client who digests the password. |
| writeConcern | document | This field contains the write concern for the creation operation. |
| authentication Restrictions |
array | It enforces the authentication rules on the created user. It provides a list of IP addresses and CIDR ranges from which the user is allowed to connect. |
| mechanism | array | This field specifies the SCRAM mechanisms. The valid SCRAM values are SCRAM-SHA-1 and SCRAM-SHA-256. |
例:
db.getSiblingDB("student").runCommand( {
createUser: "admin@javaTpoint",
pwd: passwordPrompt(),
customData: { empId: 101 },
roles: [
{ role: "clusterAdmin", db: "admin" },
{ role: "readAnyDatabase", db: "admin" },
"readWrite"
],
writeConcern: { w: "majority" , wtimeout: 5000 }
} )
上面的示例在学生数据库上创建一个用户admin @ javaTpoint。该命令为admin @ javatpoint赋予admin数据库上的clusterAdmin和readAnyDatabase角色,以及学生数据库上的readwrite角色。
MongoDB dropUser命令从运行命令的数据库中删除用户。
句法:
{
dropUser: "",
writeConcern: { }
}
dropUser命令字段:
| Field | Type | Description |
|---|---|---|
| dropUser | string | The dropUser field contains the name of the user that you want to delete. |
| writeConcern | document | This field contains the write concern level for the removal operation. |
例:
use products
db.runCommand( {
dropUser: " admin@javaTpoint ",
writeConcern: { w: "majority", wtimeout: 5000 }
} )
MongoDB updateUser命令在我们运行命令的数据库中更新用户详细信息。当我们使用命令时,它将完全替换先前字段的值,包括分配的角色和authenticationRestrictions数组。
句法:
{
updateUser: "",
pwd: ""
customData: { },
roles: [
{ role: "", db: "" } | "",
...
],
authenticationRestrictions: [
{
clientSource: ["" | "", ...],
serverAddress: ["", | "", ...]
},
...
],
mechanisms: [ "", ... ],
digestPassword: ,
writeConcern: { }
}
| Field | Type | Description |
|---|---|---|
| updateUser | string | It contains the name of the user that we need to update. |
| pwd | string | It contains the user’s password, or you can use the password prompt to prompt for the password. |
| customData | document | This field contains the data that an admin wishes to update in the particular user. |
| roles | array | This field grants a role to the user. |
| digestPassword | boolean | It indicates, if the server or client will digest the password. |
| writeConcern | document | This field contains the write concern for the creation operation. |
| authentication Restrictions |
array | It enforces the authentication rules on the created user. It provides a list of IP addresses and CIDR ranges from which the user is allowed to connect. |
| mechanism | array | This field specifies the SCRAM mechanisms. The valid SCRAM values are SCRAM-SHA-1 and SCRAM-SHA-256. |
例:
{
"_id" : "products.appClient01",
"userId" : UUID("c5d88855-3f1e-46cb-9c8b-269bef957986"), // Starting in MongoDB 4.0.9
"user" : "appClient01",
"db" : "products",
"customData" : { "empID" : "12345", "badge" : "9156" },
"roles" : [
{ "role" : "readWrite",
"db" : "products"
},
{ "role" : "read",
"db" : "inventory"
}
],
"mechanisms" : [
"SCRAM-SHA-1",
"SCRAM-SHA-256"
]
}
以下更新用户命令完全替换了用户的customData和角色数据:
use products
db.runCommand( {
updateUser : "appClient01",
customData : { employeeId : "0x3039" },
roles : [ { role : "read", db : "assets" } ]
} )