如何实现MongoDB的字段级权限? [英] How can I implement field-level permissions for MongoDB?
问题描述
在MySQL中,我可以授予更新特定字段的权限:
In MySQL I can grant permissions to update specific fields:
GRANT SELECT, UPDATE (col_Eagle) ON db_ANIMAL.tb_BIRD to 'JOHNNY'@'localhost';
MongoDB仅具有读取"或"readWrite"角色:
MongoDB only has "read" or "readWrite" roles:
db.createUser(
{
user: "JOHNNY",
pwd: "pass",
roles: [
{
role: "read", # or readWrite??
db: "db_ANIMAL"
}
]
}
)
如何将更新权限限制为MongoDB 3.4中的特定字段?
How can I limit update permissions to specific fields in MongoDB 3.4?
推荐答案
As at MongoDB 3.4, the granularity of the built-in access control only goes as far as Collection-Level Access Control.
例如,您可以创建一个用户定义的角色来限制集合的特权:
For example, you could create a user-defined role limiting privileges for a collection:
privileges: [
{ resource: { db: "db_ANIMAL", collection: "tb_BIRD" }, actions: [ "find", "update" ] }
]
要限制对集合数据子集的只读访问,可以考虑使用新的 MongoDB 3.4中的视图功能或实现字段级修订使用$redact
聚合阶段(MongoDB 2.6 +).
For limiting read-only access to a subset of collection data, you could consider using the new Views functionality in MongoDB 3.4 or implementing Field Level Redaction using the $redact
aggregation stage (MongoDB 2.6+).
如果您需要更精细的访问控制来进行字段级更新,则当前必须在API或应用程序代码中实现.
If you need more granular access control for field-level updates you will currently have to implement this in your API or application code.
您可能希望在MongoDB问题跟踪器中观看/更新一些相关功能请求:
There are a few relevant feature requests you may want to watch/upvote in the MongoDB issue tracker:
- SERVER-648: Document level access control
- SERVER-27698: Materialized views
这篇关于如何实现MongoDB的字段级权限?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!