如何实现MongoDB的字段级权限? [英] How can I implement field-level permissions for MongoDB?

问题描述

在MySQL中，我可以授予更新特定字段的权限:

In MySQL I can grant permissions to update specific fields:

GRANT SELECT, UPDATE (col_Eagle) ON db_ANIMAL.tb_BIRD to 'JOHNNY'@'localhost';

MongoDB仅具有读取"或"readWrite"角色:

MongoDB only has "read" or "readWrite" roles:

db.createUser(
    {
      user: "JOHNNY",
      pwd: "pass",
      roles: [
        { 
          role: "read", # or readWrite??
          db: "db_ANIMAL" 
        }
      ]
    }
)

如何将更新权限限制为MongoDB 3.4中的特定字段?

How can I limit update permissions to specific fields in MongoDB 3.4?

推荐答案

与MongoDB 3.4一样，内置访问控制的粒度只能达到

As at MongoDB 3.4, the granularity of the built-in access control only goes as far as Collection-Level Access Control.

例如，您可以创建一个用户定义的角色来限制集合的特权:

For example, you could create a user-defined role limiting privileges for a collection:

privileges: [
  { resource: { db: "db_ANIMAL", collection: "tb_BIRD" },  actions: [ "find", "update" ] }
]

要限制对集合数据子集的只读访问，可以考虑使用新的 MongoDB 3.4中的视图功能或实现字段级修订使用$redact聚合阶段(MongoDB 2.6 +).

For limiting read-only access to a subset of collection data, you could consider using the new Views functionality in MongoDB 3.4 or implementing Field Level Redaction using the $redact aggregation stage (MongoDB 2.6+).

如果您需要更精细的访问控制来进行字段级更新，则当前必须在API或应用程序代码中实现.

If you need more granular access control for field-level updates you will currently have to implement this in your API or application code.

您可能希望在MongoDB问题跟踪器中观看/更新一些相关功能请求:

There are a few relevant feature requests you may want to watch/upvote in the MongoDB issue tracker:

• SERVER-648:文档级访问控制
• SERVER-27698:物化视图

• SERVER-648: Document level access control
• SERVER-27698: Materialized views

这篇关于如何实现MongoDB的字段级权限?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！