I created a user with full privileges in its own database (dbOwner) and read-only access to administrative commands (clusterMonitor):
use customerdb
(mongod-3.4.7) customerdb> db.createUser( { user: "customer",
... pwd: "customerpw",
... roles: [ { role: "clusterMonitor", db: "admin" },
... { role: "dbOwner", db: "customerdb" }] },
... { w: "majority" , wtimeout: 5000 } )
Successfully added user: {
"user": "customer",
"roles": [
{
"role": "clusterMonitor",
"db": "admin"
},
{
"role": "dbOwner",
"db": "customerdb"
}
]
}
Enabled authentication and logged in with the new user. This is a single instance of the latest version of MongoDB, installed by Homebrew.
$ mongo -u customer -p customerpw localhost --authenticationDatabase=customerdb
Why does getRoles() show me the enableSharding role? I did not find an explanation in the documentation.
> db.getRoles(
... {
... rolesInfo: 1,
... showPrivileges:false,
... showBuiltinRoles: true
... }
... )
[
{
"role": "dbAdmin",
"db": "customerdb",
"isBuiltin": true,
"roles": [ ],
"inheritedRoles": [ ]
},
{
"role": "dbOwner",
"db": "customerdb",
"isBuiltin": true,
"roles": [ ],
"inheritedRoles": [ ]
},
{
"role": "enableSharding",
"db": "customerdb",
"isBuiltin": true,
"roles": [ ],
"inheritedRoles": [ ]
},
{
"role": "read",
"db": "customerdb",
"isBuiltin": true,
"roles": [ ],
"inheritedRoles": [ ]
},
{
"role": "readWrite",
"db": "customerdb",
"isBuiltin": true,
"roles": [ ],
"inheritedRoles": [ ]
},
{
"role": "userAdmin",
"db": "customerdb",
"isBuiltin": true,
"roles": [ ],
"inheritedRoles": [ ]
}
]
Privileges of the enableSharding role:
{
"role": "enableSharding",
"db": "customerdb",
"isBuiltin": true,
"roles": [ ],
"inheritedRoles": [ ],
"privileges": [
{
"resource": {
"db": "",
"collection": ""
},
"actions": [
"enableSharding"
]
}
],
"inheritedPrivileges": [
{
"resource": {
"db": "",
"collection": ""
},
"actions": [
"enableSharding"
]
}
]
}
I tested this in a sharded cluster on a mongos with the following version:
MongoDB Enterprise mongos> db.version()
3.2.11
and on a MacBook with a single mongod, version 3.4.7.
I guess I did something wrong when creating the user and granting the roles?
You got "role": "enableSharding" for customerdb because of "role": "dbAdmin". So this user can shard customerdb, but nothing else.
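An added example, not part of the question or the answer: db.getRoles() with showBuiltinRoles: true lists the roles defined on the database, so checking what the authenticated user actually holds means reading the reply of db.runCommand({ connectionStatus: 1, showPrivileges: true }). The helper names and both sample replies below are constructed and abridged, not captured from a server.

```javascript
// Does a privilege's resource document cover the target?
// target.collection === "" stands for the database itself,
// which is the level at which enableSharding is checked.
function resourceCovers(res, target) {
  if (res.anyResource) return true;
  if (res.cluster) return target.cluster === true;
  if (target.cluster) return false;
  const dbOk = res.db === "" || res.db === target.db;
  // An empty collection is a wildcard that skips system.* collections.
  const collOk = res.collection === ""
    ? !target.collection.startsWith("system.")
    : res.collection === target.collection;
  return dbOk && collOk;
}

// Privileges in a connectionStatus reply that grant `action` on `target`.
function grantsFor(reply, action, target) {
  const info = reply.authInfo || {};
  const privs = info.authenticatedUserPrivileges || [];
  return privs.filter(
    (p) => p.actions.includes(action) && resourceCovers(p.resource, target)
  );
}

// Constructed reply: user "customer" without any enableSharding privilege.
const withoutSharding = { ok: 1, authInfo: {
  authenticatedUsers: [{ user: "customer", db: "customerdb" }],
  authenticatedUserRoles: [
    { role: "clusterMonitor", db: "admin" },
    { role: "dbOwner", db: "customerdb" },
  ],
  authenticatedUserPrivileges: [
    { resource: { db: "customerdb", collection: "" },
      actions: ["find", "insert", "createIndex"] },
    { resource: { cluster: true }, actions: ["serverStatus"] },
  ],
} };

// Constructed reply: same user plus the privilege document shown on this page.
const withSharding = JSON.parse(JSON.stringify(withoutSharding));
withSharding.authInfo.authenticatedUserPrivileges.push(
  { resource: { db: "", collection: "" }, actions: ["enableSharding"] }
);

const target = { db: "customerdb", collection: "" };
console.log("without:", grantsFor(withoutSharding, "enableSharding", target).length);
console.log("with:   ", grantsFor(withSharding, "enableSharding", target).length);
```

In the mongo shell, pass the real reply instead of the constructed ones: grantsFor(db.runCommand({ connectionStatus: 1, showPrivileges: true }), "enableSharding", { db: "customerdb", collection: "" }).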