Steps to create a role with custom privileges (query, insert and update only) in MongoDB 4.0
Create the role with custom privileges (query, insert and update only):
PRIMARY> use admin
PRIMARY> db.createRole({role:"custom_role",privileges: [ {resource: { db: "test", collection: "test" }, actions: ["insert","update","find" ] }],roles:[ {role:"read", db:"test"} ]})
{
"role" : "custom_role",
"privileges" : [
{
"resource" : {
"db" : "test",
"collection" : "test"
},
"actions" : [
"insert",
"update",
"find"
]
}
],
"roles" : [
{
"role" : "read",
"db" : "test"
}
]
}
PRIMARY> use test
PRIMARY> db.createRole({role:"custom_role",privileges: [ {resource: { db: "test", collection: "test" }, actions: ["insert","update","find" ] }],roles:[ {role:"read", db:"test"} ]})
{
"role" : "custom_role",
"privileges" : [
{
"resource" : {
"db" : "test",
"collection" : "test"
},
"actions" : [
"insert",
"update",
"find"
]
}
],
"roles" : [
{
"role" : "read",
"db" : "test"
}
]
}
Create the ordinary user test_rw, with roles set to the custom role defined above:
PRIMARY> use test
PRIMARY> db.createUser(
{
user: "test_rw",
pwd: "test",
roles: [ { role: "custom_role", db: "test" }]
}
);
Successfully added user: {
"user" : "test_rw",
"roles" : [
{
"role" : "custom_role",
"db" : "test"
}
]
}
PRIMARY> use admin
PRIMARY> db.createUser(
{
user: "test_rw",
pwd: "test",
roles: [ { role: "custom_role", db: "test" }]
}
);
Grant the custom_role role to the test_rw user:
PRIMARY> db.grantRolesToUser("test_rw",[{role:"custom_role",db:"test"}])
Revoke the test_rw user's read/write privileges on the test database:
PRIMARY> db.revokeRolesFromUser("test_rw",[{"role" : "readWrite","db" : "test"}])
View the created user:
PRIMARY> use test
switched to db test
PRIMARY> show users
{
"_id" : "test.test_rw",
"userId" : UUID("ce94e5b9-cf81-4dec-a246-5670e4d0437b"),
"user" : "test_rw",
"db" : "test",
"roles" : [
{
"role" : "custom_role",
"db" : "test"
}
],
"mechanisms" : [
"SCRAM-SHA-1",
"SCRAM-SHA-256"
]
}
Test:
Insert is allowed:
PRIMARY> db.test.save({id:"1","name" : "dsf"})
WriteResult({ "nInserted" : 1 })
PRIMARY> db.test.save({id:"2","name" : "huyih"})
WriteResult({ "nInserted" : 1 })
PRIMARY> db.test.save({id:"3","name" : "chenfeng"})
WriteResult({ "nInserted" : 1 })
PRIMARY> db.test.save({id:"4","name" : "zhangsan"})
WriteResult({ "nInserted" : 1 })
PRIMARY> db.test.save({id:"5","name" : "lisi"})
WriteResult({ "nInserted" : 1 })
PRIMARY> db.test.save({id:"6","name" : "lishishi"})
WriteResult({ "nInserted" : 1 })
Update is allowed:
PRIMARY> db.test.update({id:"1","name" : "dsf"},{$set:{id:"1","name" : "sunxim"}})
WriteResult({ "nMatched" : 1, "nUpserted" : 0, "nModified" : 1 })
Find is allowed:
PRIMARY> db.test.find()
{ "_id" : ObjectId("6283495ca66296017ea02258"), "id" : "1", "name" : "sunxim" }
{ "_id" : ObjectId("6283495ca66296017ea02259"), "id" : "2", "name" : "huyih" }
{ "_id" : ObjectId("6283495ca66296017ea0225a"), "id" : "3", "name" : "chenfeng" }
{ "_id" : ObjectId("6283495ca66296017ea0225b"), "id" : "4", "name" : "zhangsan" }
{ "_id" : ObjectId("6283495ca66296017ea0225c"), "id" : "5", "name" : "lisi" }
But dropping the database is not allowed:
PRIMARY> db.dropDatabase();
{
"ok" : 0,
"errmsg" : "not authorized on test to execute command { dropDatabase: 1.0, writeConcern: { w: \"majority\", wtimeout: 600000.0 }, lsid: { id: UUID(\"2b07b1d1-0c30-42a7-b8f6-48345895a138\") }, $db: \"test\" }",
"code" : 13,
"codeName" : "Unauthorized"
}
Dropping the collection is not allowed:
PRIMARY> db.test.drop()
2022-05-16T22:45:43.294-0700 E QUERY [js] Error: drop failed: {
"operationTime" : Timestamp(1652766343, 3),
"ok" : 0,
"errmsg" : "not authorized on test to execute command { drop: \"test\", lsid: { id: UUID(\"233df021-0e9d-4ad1-b01e-96d41b50b3c6\") }, $clusterTime: { clusterTime: Timestamp(1652766335, 1), signature: { hash: BinData(0, 387A28B3A42EAE488DBBCE581D8967C40D20248F), keyId: 7052381551807430657 } }, $db: \"test\" }",
"code" : 13,
"codeName" : "Unauthorized",
"$clusterTime" : {
"clusterTime" : Timestamp(1652766343, 3),
"signature" : {
"hash" : BinData(0,"q43aWx3zYYxuD6dLrFc/z2Hf5qo="),
"keyId" : NumberLong("7052381551807430657")
}
}
} :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
DBCollection.prototype.drop@src/mongo/shell/collection.js:719:1
@(shell):1:1
Deleting documents is not allowed:
PRIMARY> db.test.remove({id:"5","name" : "lisi"})
WriteCommandError({
"ok" : 0,
"errmsg" : "not authorized on test to execute command { delete: \"test\", ordered: true, lsid: { id: UUID(\"2b07b1d1-0c30-42a7-b8f6-48345895a138\") }, $db: \"test\" }",
"code" : 13,
"codeName" : "Unauthorized"
})
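Added example (not part of the original post): a least-privilege audit of the role created above. Because custom_role also inherits the built-in read role on test, its effective privileges are wider than the three listed actions; the check below reports every action beyond insert/update/find on test.test and confirms that the actions behind the refused operations are absent. SAMPLE_ROLE is constructed in the shape returned by db.getRole("custom_role", {showPrivileges: true}), with the inherited read actions abbreviated; INTENDED, MUST_DENY, label and auditRole are hypothetical names.

```javascript
// Intended grant from the article: these actions only, on test.test only.
const INTENDED = { db: "test", collection: "test", actions: ["insert", "update", "find"] };
// Privilege actions behind the three operations the article's tests expect to fail.
const MUST_DENY = ["remove", "dropCollection", "dropDatabase"];

// Constructed sample shaped like db.getRole("custom_role", {showPrivileges: true}).
// The entry inherited from "read" is abbreviated; a real server lists more actions.
const SAMPLE_ROLE = {
  role: "custom_role", db: "test",
  roles: [{ role: "read", db: "test" }],
  inheritedPrivileges: [
    { resource: { db: "test", collection: "test" }, actions: ["find", "insert", "update"] },
    { resource: { db: "test", collection: "" },
      actions: ["collStats", "dbStats", "find", "killCursors", "listCollections", "listIndexes"] }
  ]
};

// Human-readable label for a privilege resource document.
function label(r) {
  if (!("db" in r)) return JSON.stringify(r);   // e.g. { cluster: true }
  return `${r.db || "*"}.${r.collection || "*"}`;
}

// Walk the effective privileges and compare them with the intended grant.
// Returns the actions that exceed it and any must-deny action that is granted.
function auditRole(roleDoc, intended, mustDeny) {
  const excess = [];
  const granted = new Set();
  for (const p of roleDoc.inheritedPrivileges || []) {
    const r = p.resource;
    const onTarget = r.db === intended.db && r.collection === intended.collection;
    for (const a of p.actions) {
      granted.add(a);
      if (!onTarget || !intended.actions.includes(a)) excess.push(`${a} on ${label(r)}`);
    }
  }
  return { excess, forbiddenGranted: mustDeny.filter(a => granted.has(a)) };
}

const report = auditRole(SAMPLE_ROLE, INTENDED, MUST_DENY);
console.log(report);
```

To audit a live deployment, replace SAMPLE_ROLE with the document returned by db.getRole for the role in question.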
From "ITPUB Blog", link: http://blog.itpub.net/15498/viewspace-2895022/. If you reproduce this article, please credit the source; otherwise legal liability will be pursued.