Mongo DB在哪里保留用户帐户? [英] Mongo DB where to keep user accounts?

问题描述

我是MongoDB的新手，我一直在尝试找到正确的存储用户帐户的方法，但是没有找到关于此主题的任何好方法.

I am newbie to MongoDB, I have been trying to find the right way of storing user accounts, but haven't found any good explanation of this topic.

我的问题是在哪里存储用于访问数据库，管理用户的用户帐户...

My questions where to store user accounts for accessing databases, managing users ....

我已经在系统admin表中创建了admin用户.我猜那是正确的地方.但是新数据库呢?

I have created admin user in system admin table. That is the right place I guess. But what about new database ?

为了消除歧义，这里是mongo shell的输出

In order to disambiguate things here is output of mongo shell

> use admin
switched to db admin
> db.getUsers();
[
    {
        "_id" : "admin.mongoadmin",
        "user" : "mongoadmin",
        "db" : "admin",
        "roles" : [
            {
                "role" : "root",
                "db" : "admin"
            }
        ]
    },
    {
        "_id" : "admin.api_videos",
        "user" : "api_videos",
        "db" : "admin",
        "roles" : [
            {
                "role" : "dbOwner",
                "db" : "videos"
            }
        ]
    }
]
> use videos
switched to db videos
> db.getUsers();
[
    {
        "_id" : "videos.api_videos",
        "user" : "api_videos",
        "db" : "videos",
        "roles" : [
            {
                "role" : "dbOwner",
                "db" : "videos"
            }
        ]
    }
]
> 

因此您可以清楚地看到我已经创建了两个用户api_videos.那应该在哪里呢?在管理表或与之相关的表中

So you can clearly see that I have created two users api_videos. So where should it be ? In admin table or in the table which it is related to ?

推荐答案

这要视情况而定.策略是将用户限制在他们将对其执行操作的数据库上.

It depends. Strategy is to constrain your users to the database they will performing actions on.

每个数据库的所有管理员用户都应进入各自的数据库.

All the admin users for each db should go into their respective databases.

让我给您一些想法. docs 中提供了更多详细信息.

Let me give you some idea how it all works. Much more detail is provided in docs.

root

使用root用户创建超级用户，以授予admin数据库中所有角色的所有特权，并可以在其他数据库中执行操作.

Create super users with root to grant all the privileges for all the roles in the admin database and can perform operations in other databases.

您可以自定义具有不同角色的管理员用户，以进行更严格的管理.

You can customize admin users with different roles to allow for stricter administration.

只有管理数据库中可用的管理角色很少.

There are few administration roles only available in admin database.

root用户现在可以执行以下任何操作.

Root user can now perform any of below operations.

dbOwner

创建具有dbOwner角色的管理员用户以授予特定数据库中的所有特权，包括数据库管理和该数据库的用户管理.

Create admin users with dbOwner role to grant all the privileges in a specific database includes database administration and user management for the database.

userAdmin

创建具有userAdmin角色的用户以授予特定数据库中的用户管理权限.

Create users with userAdmin role to grant with user management privliges in specfic database.

dbOwner用户和userAdmin用户都可以在具有用户定义角色(read和readWrite)的特定数据库中创建用户.

Both dbOwner users and userAdmin users can create users in the specific database with user defined roles(read and readWrite).

此外，您可以创建具有自定义角色和特权的用户，从而可以进行精细的控制.

Moreover, you can create users with custom roles and privileges which will allow fine grained control.

这篇关于Mongo DB在哪里保留用户帐户?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！