问题描述
我正在尝试在 mongo 中创建一个可以在任何数据库中执行任何操作的用户.
I'm trying to create a user in mongo who can do anything in any db.
根据指南,我创建了一个新管理员:http://docs.mongodb.org/manual/tutorial/add-user-administrator
According to the guide I created a new admin: http://docs.mongodb.org/manual/tutorial/add-user-administrator
这是代码:
use admin
db.addUser( { user: "try1",
pwd: "hello,
roles: [ "userAdminAnyDatabase" ] } )
然后我停止了 mongo,启用了身份验证并重新启动了 mongo.
Then I stopped mongo, enabled the auth and restarted mongo.
然后我试着用他的用户创建一个数据库.
Then I tried to create a database with his user.
根据本指南:http://www.mkyong.com/mongodb/how-to-create-database-or-collection-in-mongodb/
use fragola
db.users.save( {username:"fragolino"} )
我明白了:无权在 fragola.users 上插入"
And I get this: "not authorized for insert on fragola.users"
有人可以帮我吗?
推荐答案
角色 userAdminAnyDatabase
使用户能够创建用户并向他们分配任意角色.因此,该用户有权对数据库执行任何操作,因为他可以授予任何人任何权限(包括他自己).
The role userAdminAnyDatabase
gives the user the ability to create users and assign arbitrary roles to them. Because of this, that user has the power to do anything on the database, because he can give anybody any permission (including himself).
然而,userAdminAnyDatabase
角色本身不允许用户做任何事情,除了为任意用户分配任意权限.要在数据库上实际执行某些操作,该用户需要具有以下附加角色:
However, the userAdminAnyDatabase
role by itself doesn't allow the user to do anything else besides assigning arbitrary rights to arbitrary users. To actually do something on the database, that user needs to have the following additional roles:
readWriteAnyDatabase
dbAdminAnyDatabase
clusterAdmin
拥有以上三个权限和userAdminAnyDatabase
的用户才是真正的超级用户,可以做任何事情.
A user who has the above three rights and userAdminAnyDatabase
is a true super-user and can do anything.
这篇关于在 mongo 中创建超级用户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!