Steps to create a role with custom privileges (query, insert and update only) in MongoDB 4.0
Create a role with custom privileges (query, insert and update only):
PRIMARY>use admin
PRIMARY> db.createRole({role:"custom_role",privileges: [ {resource: { db: "test", collection: "test" }, actions: ["insert","update","find" ] }],roles:[ {role:"read", db:"test"} ]})
{
"role" : "custom_role",
"privileges" : [
{
"resource" : {
"db" : "test",
"collection" : "test"
},
"actions" : [
"insert",
"update",
"find"
]
}
],
"roles" : [
{
"role" : "read",
"db" : "test"
}
]
}
PRIMARY>use test
PRIMARY> db.createRole({role:"custom_role",privileges: [ {resource: { db: "test", collection: "test" }, actions: ["insert","update","find" ] }],roles:[ {role:"read", db:"test"} ]})
{
"role" : "custom_role",
"privileges" : [
{
"resource" : {
"db" : "test",
"collection" : "test"
},
"actions" : [
"insert",
"update",
"find"
]
}
],
"roles" : [
{
"role" : "read",
"db" : "test"
}
]
}
Create the ordinary user test_rw, with roles set to the custom role defined above:
PRIMARY> use test
PRIMARY> db.createUser(
{
user: "test_rw",
pwd: "test",
roles: [ { role: "custom_role", db: "test" }]
}
);
Successfully added user: {
"user" : "test_rw",
"roles" : [
{
"role" : "custom_role",
"db" : "test"
}
]
}
PRIMARY> use admin
PRIMARY> db.createUser(
{
user: "test_rw",
pwd: "test",
roles: [ { role: "custom_role", db: "test" }]
}
);
Grant the custom_role role to the test_rw user:
PRIMARY> db.grantRolesToUser("test_rw",[{role:"custom_role",db:"test"}])
Revoke the test_rw user's read/write privileges on the test database:
PRIMARY> db.revokeRolesFromUser("test_rw",[{"role" : "readWrite","db" : "test"}])
View the created user:
PRIMARY> use test
switched to db test
PRIMARY> show users
{
"_id" : "test.test_rw",
"userId" : UUID("ce94e5b9-cf81-4dec-a246-5670e4d0437b"),
"user" : "test_rw",
"db" : "test",
"roles" : [
{
"role" : "custom_role",
"db" : "test"
}
],
"mechanisms" : [
"SCRAM-SHA-1",
"SCRAM-SHA-256"
]
}
Test:
insert is allowed:
PRIMARY> db.test.save({id:"1","name" : "dsf"})
WriteResult({ "nInserted" : 1 })
PRIMARY> db.test.save({id:"2","name" : "huyih"})
WriteResult({ "nInserted" : 1 })
PRIMARY> db.test.save({id:"3","name" : "chenfeng"})
WriteResult({ "nInserted" : 1 })
PRIMARY> db.test.save({id:"4","name" : "zhangsan"})
WriteResult({ "nInserted" : 1 })
PRIMARY> db.test.save({id:"5","name" : "lisi"})
WriteResult({ "nInserted" : 1 })
PRIMARY> db.test.save({id:"6","name" : "lishishi"})
WriteResult({ "nInserted" : 1 })
update is allowed:
PRIMARY> db.test.update({id:"1","name" : "dsf"},{$set:{id:"1","name" : "sunxim"}})
WriteResult({ "nMatched" : 1, "nUpserted" : 0, "nModified" : 1 })
find is allowed:
PRIMARY> db.test.find()
{ "_id" : ObjectId("6283495ca66296017ea02258"), "id" : "1", "name" : "sunxim" }
{ "_id" : ObjectId("6283495ca66296017ea02259"), "id" : "2", "name" : "huyih" }
{ "_id" : ObjectId("6283495ca66296017ea0225a"), "id" : "3", "name" : "chenfeng" }
{ "_id" : ObjectId("6283495ca66296017ea0225b"), "id" : "4", "name" : "zhangsan" }
{ "_id" : ObjectId("6283495ca66296017ea0225c"), "id" : "5", "name" : "lisi" }
But the database cannot be dropped:
PRIMARY> db.dropDatabase();
{
"ok" : 0,
"errmsg" : "not authorized on test to execute command { dropDatabase: 1.0, writeConcern: { w: \"majority\", wtimeout: 600000.0 }, lsid: { id: UUID(\"2b07b1d1-0c30-42a7-b8f6-48345895a138\") }, $db: \"test\" }",
"code" : 13,
"codeName" : "Unauthorized"
}
The collection cannot be dropped:
PRIMARY> db.test.drop()
2022-05-16T22:45:43.294-0700 E QUERY [js] Error: drop failed: {
"operationTime" : Timestamp(1652766343, 3),
"ok" : 0,
"errmsg" : "not authorized on test to execute command { drop: \"test\", lsid: { id: UUID(\"233df021-0e9d-4ad1-b01e-96d41b50b3c6\") }, $clusterTime: { clusterTime: Timestamp(1652766335, 1), signature: { hash: BinData(0, 387A28B3A42EAE488DBBCE581D8967C40D20248F), keyId: 7052381551807430657 } }, $db: \"test\" }",
"code" : 13,
"codeName" : "Unauthorized",
"$clusterTime" : {
"clusterTime" : Timestamp(1652766343, 3),
"signature" : {
"hash" : BinData(0,"q43aWx3zYYxuD6dLrFc/z2Hf5qo="),
"keyId" : NumberLong("7052381551807430657")
}
}
} :
_getErrorWithCode@src/mongo/shell/utils.js:25:13
DBCollection.prototype.drop@src/mongo/shell/collection.js:719:1
@(shell):1:1
Documents cannot be deleted:
PRIMARY> db.test.remove({id:"5","name" : "lisi"})
WriteCommandError({
"ok" : 0,
"errmsg" : "not authorized on test to execute command { delete: \"test\", ordered: true, lsid: { id: UUID(\"2b07b1d1-0c30-42a7-b8f6-48345895a138\") }, $db: \"test\" }",
"code" : 13,
"codeName" : "Unauthorized"
})
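Added example (not part of the original post): the role above also inherits the built-in read role on test, so its effective privileges reach beyond the test.test collection; this Node.js check audits a role document against the intended allow-list of find, insert and update. It assumes the input has the shape returned by db.getRole("custom_role", {showPrivileges: true}); auditRole and ALLOWED are hypothetical names, and both sample documents are constructed by hand, with the inherited entry abbreviated.

```javascript
// Added example: audit a role document against a least-privilege allow-list.
// Input shape is assumed to follow db.getRole(name, {showPrivileges: true}).
const ALLOWED = { db: "test", collection: "test", actions: ["find", "insert", "update"] };

// Returns a list of findings; an empty list means the role grants only what is allowed.
function auditRole(roleDoc, allowed) {
  const findings = [];
  const allowedActions = new Set(allowed.actions);
  // inheritedPrivileges holds direct plus inherited privileges; fall back to direct ones.
  const privileges = roleDoc.inheritedPrivileges || roleDoc.privileges || [];
  for (const p of privileges) {
    const r = p.resource || {};
    const sameScope = r.db === allowed.db && r.collection === allowed.collection;
    if (!sameScope) {
      findings.push(`scope ${JSON.stringify(r)} grants: ${(p.actions || []).join(",")}`);
      continue;
    }
    const extra = (p.actions || []).filter((a) => !allowedActions.has(a));
    if (extra.length > 0) findings.push(`extra actions on ${r.db}.${r.collection}: ${extra.join(",")}`);
  }
  for (const inherited of roleDoc.roles || []) {
    findings.push(`inherits role ${inherited.role}@${inherited.db}`);
  }
  return findings;
}

// Constructed sample: the role as created on the page (roles: [read@test]); the
// inherited privilege entry is abbreviated and hand-written, not captured output.
const pageRole = {
  role: "custom_role", db: "test",
  roles: [{ role: "read", db: "test" }],
  privileges: [{ resource: { db: "test", collection: "test" }, actions: ["insert", "update", "find"] }],
  inheritedPrivileges: [
    { resource: { db: "test", collection: "test" }, actions: ["insert", "update", "find"] },
    { resource: { db: "test", collection: "" }, actions: ["find", "listCollections", "listIndexes"] },
  ],
};

// Constructed sample: the same role with an empty roles array.
const tightRole = {
  role: "custom_role", db: "test", roles: [],
  privileges: pageRole.privileges,
  inheritedPrivileges: [pageRole.privileges[0]],
};

console.log(auditRole(pageRole, ALLOWED));  // two findings: db-wide scope, inherited read
console.log(auditRole(tightRole, ALLOWED)); // no findings
```

With roles: [] in db.createRole, the role covers only insert, update and find on test.test, which matches the intent stated in the title.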
From the "ITPUB Blog", link: http://blog.itpub.net/15498/viewspace-2895022/. If you repost this article, please credit the source; otherwise legal liability will be pursued.