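📜  MongoDB Role Management Commands

📅  Last modified: 2020-11-23 01:06:47             🧑  Author: Mango

MongoDB Role Management Commands

Role management commands are used to define roles for the specified users.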

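MongoDB createRole command

The createRole command creates a role and specifies its privileges. The role applies to the database on which the command is run. If the role already exists in the database, the command returns a duplicate role error.

Syntax: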

{ createRole: "<new role>",
  privileges: [
    { resource: { <resource> }, actions: [ "<action>", ... ] },
    ...
  ],
  roles: [
    { role: "<role>", db: "<database>" } | "<role>",
    ...
  ],
  authenticationRestrictions: [
    {
      clientSource: ["<IP>" | "<CIDR range>", ...],
      serverAddress: ["<IP>" | "<CIDR range>", ...]
    },
    ...
  ],
  writeConcern: <write concern document>
}

Command fields:

| Field | Type | Description |
|---|---|---|
| createRole | string | The name of the new role. |
| privileges | array | The privileges to grant the role. Leave it empty if you don't want to specify any privileges. |
| roles | array | An array of roles from which this role inherits privileges. |
| authenticationRestrictions | array | The authentication restrictions the server enforces on the role. |
| writeConcern | document | The level of write concern to apply to this operation. |

Example:

The following createRole command creates the JavaTpointAdmin role on the admin database:

db.adminCommand({ createRole: "JavaTpointAdmin",
  privileges: [
    { resource: { cluster: true }, actions: [ "addShard" ] },
    { resource: { db: "config", collection: "" }, actions: [ "find", "update", "insert", "remove" ] },
    { resource: { db: "users", collection: "usersCollection" }, actions: [ "update", "insert", "remove" ] },
    { resource: { db: "", collection: "" }, actions: [ "find" ] }
  ],
  roles: [
    { role: "read", db: "admin" }
  ],
  writeConcern: { w: "majority" , wtimeout: 5000 }
})

MongoDB dropRole command

The MongoDB dropRole command deletes a user-defined role from the database on which the command is run.

Syntax:

{
  dropRole: "<role>",
  writeConcern: { <write concern> }
}

Example:

This example removes the readPrices role from the products database.

use products
db.runCommand(
   {
     dropRole: "readPrices",
     writeConcern: { w: "majority" }
   }
)

MongoDB updateRole

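The updateRole command updates a user-defined role. The command must be run on the role's database. An update to a field completely replaces that field's previous values.

Syntax: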

{
  updateRole: "<role>",
  privileges:
      [
        { resource: { <resource> }, actions: [ "<action>", ... ] },
        ...
      ],
  roles:
      [
        { role: "<role>", db: "<database>" } | "<role>",
        ...
      ],
  authenticationRestrictions:
      [
        {
          clientSource: ["<IP>" | "<CIDR range>", ...],
          serverAddress: ["<IP>" | "<CIDR range>", ...]
        },
        ...
      ],
  writeConcern: <write concern document>
}

Example:

db.adminCommand(
   {
     updateRole: "myClusterwideAdmin",
     privileges:
         [
           {
             resource: { db: "", collection: "" },
             actions: [ "find" , "update", "insert", "remove" ]
           }
         ],
     roles:
         [
           { role: "dbAdminAnyDatabase", db: "admin" }
         ],
     writeConcern: { w: "majority" }
   }
)

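The example above updates the myClusterwideAdmin role on the admin database.

MongoDB grantPrivilegesToRole command

This is a very important command that adds extra privileges to a user-defined role on the database on which the command is run.

Syntax: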

{
  grantPrivilegesToRole: "<role>",
  privileges: [
      {
        resource: { <resource> }, actions: [ "<action>", ... ]
      },
      ...
  ],
  writeConcern: { <write concern> }
}

Example:

use products
db.runCommand(
   {
     grantPrivilegesToRole: "service",
     privileges: [
         {
           resource: { db: "products", collection: "" }, actions: [ "find" ]
         },
         {
           resource: { db: "products", collection: "system.js" }, actions: [ "find" ]
         }
     ],
     writeConcern: { w: "majority" , wtimeout: 5000 }
   }
)

The example above grants two additional privileges to the service role that exists in the products database.
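
As an added example (not part of the original page), the following JavaScript reviews the role definitions used in the examples above for least privilege: it classifies each privilege's resource document by scope and flags wildcard resources, write actions on them, and broad inherited built-in roles. The function names and the severity rules are assumptions made for illustration.

```javascript
// Added example, not from the original page; the severity rules are an illustrative policy.
const WRITE_ACTIONS = new Set(["insert", "update", "remove"]);
const BROAD_BUILTIN = /^(root|.*AnyDatabase)$/; // built-in roles such as dbAdminAnyDatabase
// Classify a resource document by how much it matches.
function resourceScope(r) {
  if (r.anyResource) return "anyResource";
  if (r.cluster) return "cluster";
  if (r.db === "" && r.collection === "") return "allDatabases"; // all non-system collections, all dbs
  if (r.db === "") return "collectionInAnyDatabase";
  if (r.collection === "") return "wholeDatabase"; // all non-system collections in one db
  if (r.collection.startsWith("system.")) return "systemCollection"; // needs an explicit grant
  return "singleCollection";
}
function severity(scope, hasWrite) {
  const crossDb = scope === "allDatabases" || scope === "collectionInAnyDatabase";
  if (scope === "anyResource" || (hasWrite && crossDb)) return "high";
  return scope === "cluster" || hasWrite ? "medium" : "low";
}

// One finding per privilege or inherited role that reaches beyond a single named collection.
function auditRole(name, def) {
  const findings = [];
  for (const p of def.privileges || []) {
    const scope = resourceScope(p.resource);
    if (scope === "singleCollection") continue;
    const hasWrite = p.actions.some((a) => WRITE_ACTIONS.has(a));
    findings.push({ role: name, scope, severity: severity(scope, hasWrite) });
  }
  for (const r of def.roles || []) {
    const inherited = typeof r === "string" ? r : r.role;
    if (BROAD_BUILTIN.test(inherited)) findings.push({ role: name, scope: "inherits " + inherited, severity: "high" });
  }
  return findings;
}

// Constructed input: the role definitions from this page's examples.
const ROLES = {
  JavaTpointAdmin: { roles: [{ role: "read", db: "admin" }], privileges: [
    { resource: { cluster: true }, actions: ["addShard"] },
    { resource: { db: "config", collection: "" }, actions: ["find", "update", "insert", "remove"] },
    { resource: { db: "users", collection: "usersCollection" }, actions: ["update", "insert", "remove"] },
    { resource: { db: "", collection: "" }, actions: ["find"] }] },
  myClusterwideAdmin: { roles: [{ role: "dbAdminAnyDatabase", db: "admin" }], privileges: [
    { resource: { db: "", collection: "" }, actions: ["find", "update", "insert", "remove"] }] },
  service: { privileges: [
    { resource: { db: "products", collection: "" }, actions: ["find"] },
    { resource: { db: "products", collection: "system.js" }, actions: ["find"] }] },
};
for (const [name, def] of Object.entries(ROLES)) console.log(name, auditRole(name, def));
```

On a live deployment the same objects can be taken from the output of the rolesInfo command with showPrivileges set to true.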