无涯教程-MongoDB - 角色管理命令

无涯教程
54 阅读2分钟

角色管理命令用于定义指定用户的角色。

MongoDB Cheaterole命令

Createrole命令分配角色并指定其优点。指定的角色适用于无涯教程运行命令的数据库。如果在数据库中已存在,则该命令返回重复的角色错误。

语法:

{ createRole: "<new role>",
  privileges: [
    { resource: { <resource> }, actions: [ "<action>", ... ] },
    ...
  ],
  roles: [
    { role: "<role>", db: "<database>" } | "<role>",
    ...
  ],
  authenticationRestrictions: [
    {
      clientSource: ["<IP>" | "<CIDR range>", ...],
      serverAddress: ["<IP>" | "<CIDR range>", ...]
    },
    ...
  ],
  writeConcern: <write concern document>
}

命令字段:

字段 类型 描述
Createrole 字符串 Creeatole字段包含新角色的名称。
privileges 数组 它包含授予角色的权限。如果您不想指定任何角色,请留空。
roles 数组 它包含用于将角色分配给用户的角色数组。
authentication
Restrictions		 数组 身份验证限制字段限制服务器对角色的强制执行。
writeConcern 文档 适用于此操作的写疑虑水平。

示例:

Creeaterole命令在管理数据库上创建learnfkadmin角色

 db.adminCommand({ createRole: "LearnfkAdmin",
  privileges: [
    { resource: { cluster: true }, actions: [ "addShard" ] },
    { resource: { db: "config", collection: "" }, actions: [ "find", "update", "insert", "remove" ] },
    { resource: { db: "users", collection: "usersCollection" }, actions: [ "update", "insert", "remove" ] },
    { resource: { db: "", collection: "" }, actions: [ "find" ] }
  ],
  roles: [
    { role: "read", db: "admin" }
  ],
  writeConcern: { w: "majority" , wtimeout: 5000 }
})

MongoDB Droprople命令

mongodb droprople命令删除了用户在无涯教程运行命令的数据库中定义的角色。

语法:

{
  dropRole: "<role>",
  writeConcern: { <write concern> }
}
Example:
This example remove the readPrice role from the products database.
use products
db.runCommand(
   {
     dropRole: "readPrices",
     writeConcern: { w: "majority" }
   }
)

MongoDB Upderole.

更新命令更新用户定义的角色。该命令必须在角色数据库上运行。此命令可以完全替换先前的字段值。

语法:

{
  updateRole: "<role>",
  privileges:
      [
        { resource: { <resource> }, actions: [ "<action>", ... ] },
        ...
      ],
  roles:
      [
        { role: "<role>", db: "<database>" } | "<role>",
        ...
      ],
  authenticationRestrictions:
      [
        {
          clientSource: ["<IP>" | "<CIDR range>", ...],
          serverAddress: ["<IP>", ...]
        },
        ...
      ]
  writeConcern: <write concern document>
}

示例:

db.adminCommand(
   {
     updateRole: "myClusterwideAdmin",
     privileges:
         [
           {
             resource: { db: "", collection: "" },
             actions: [ "find" , "update", "insert", "remove" ]
           }
         ],
     roles:
         [
           { role: "dbAdminAnyDatabase", db: "admin" }
         ],
     writeConcern: { w: "majority" }
   }
)

上面的示例更新了管理数​​据库上的MyClusterWideadmin角色。

MongoDB Grantprivilagestorole命令

这是一个非常重要的命令,用于在数据库中添加一些额外的权限,在该命令用于运行命令。

语法:

{
  grantPrivilegesToRole: "<role>",
  privileges: [
      {
        resource: { <resource> }, actions: [ "<action>", ... ]
      },
      ...
  ],
  writeConcern: { <write concern> }
}

示例:

use products
db.runCommand(
   {
     grantPrivilegesToRole: "service",
     privileges: [
         {
           resource: { db: "products", collection: "" }, actions: [ "find" ]
         },
         {
           resource: { db: "products", collection: "system.js" }, actions: [ "find" ]
         }
     ],
     writeConcern: { w: "majority" , wtimeout: 5000 }
   }
)

上面的示例为产品数据库中存在的服务角色授予两个附加权限。

参考链接

www.learnfk.com/mongodb/mon…

avatar
文章
阅读
粉丝