MongoDB"userAdminAnyDatabase";用户不能在“任何数据库"中管理用户.为什么? [英] A MongoDB "userAdminAnyDatabase" user cannot admin users in "any database". Why?
问题描述
这是一个userAdmin
与userAdminAnyDatabase
的问题.
在system.users
中,我具有以下用户(两个用户的密码均为1234
):
In the system.users
I have the following users (password 1234
for both):
> db.system.users.find()
{ "_id" : ObjectId("52a976cb7851682aa44d6d4d"), "user" : "admin_one", "pwd" : "884f516cf308a4c6a75bbc5a0a00807b", "roles" : [ "userAdmin", "dbAdmin" ] }
{ "_id" : ObjectId("52a97c697851682aa44d6d4f"), "user" : "admin_two", "pwd" : "26e7bb644e5919461cd6ba7403dc6906", "roles" : [ "userAdminAnyDatabase", "dbAdminAnyDatabase" ] }
与错误的用户连接:
$ mongo mono -u admin -p 1234
connecting to: mono
Thu Dec 12 10:09:00.733 Error: 18 { code: 18, ok: 0.0, errmsg: "auth fails" } at src/mongo/shell/db.js:228
可以.
与数据库管理员连接:
$ mongo mono -u admin_one -p 1234
connecting to: mono
> db.system.users.find()
{ "_id" : ObjectId("52a976cb7851682aa44d6d4d"), "user" : "admin_one", "pwd" : "884f516cf308a4c6a75bbc5a0a00807b", "roles" : [ "userAdmin", "dbAdmin" ] }
{ "_id" : ObjectId("52a97c697851682aa44d6d4f"), "user" : "admin_two", "pwd" : "26e7bb644e5919461cd6ba7403dc6906", "roles" : [ "userAdminAnyDatabase", "dbAdminAnyDatabase" ] }
也可以.
现在,与"AnyDatabase"管理员连接时出现错误:
Now, connecting with the "AnyDatabase" admin I get an error:
$ mongo mono -u admin_two -p 1234
connecting to: mono
> db.system.users.find()
error: { "$err" : "not authorized for query on mono.system.users", "code" : 16550 }
为什么?
推荐答案
似乎您正在尝试在mono
数据库而不是{{admin}}数据库上分配userAdminAnyDatabase
角色. "anyDatabase"角色仅对通过admin
数据库进行身份验证的用户可用.
It appears that you're attempting to allocate the userAdminAnyDatabase
role on the mono
database, not the the {{admin}} database. The "anyDatabase" roles are only available for users that authenticate to the admin
database.
有关更多信息,请参见任何数据库角色的文档.
See the documentation of the anyDatabase Roles for more information.
这篇关于MongoDB"userAdminAnyDatabase";用户不能在“任何数据库"中管理用户.为什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!