我创建了两个用户,我认为他们是userAdmins。不幸的是,当我和他们一起登录时,我被许可拒绝了。如果我在本地登录而没有提供用户名或密码,我会拒绝所有内容。我该怎么办?
使用以下命令创建用户
use admin
db.createUser(
{
user: "Nikhil",
pwd: "wouldntyouliketoknow",
roles: ["userAdminAnyDatabase" ]
}
)
userAdminAnyDatabase不代表我认为的意思吗?
答案 0 :(得分:3)
我正在使用您已启用授权安全性以实现此目的。为什么不将security.authorization设置为disabled并重启mongod?
http://docs.mongodb.org/manual/reference/configuration-options/
就你发出的命令看起来不正确,应该是这样的:
use admin
db.createUser(
{
user: "Nikhil",
pwd: "wouldntyouliketoknow",
roles:
[
{
role: "userAdminAnyDatabase",
db: "admin"
}
]
}
)
请注意,您必须将包含角色和数据库的文档传入调用。
最佳起点是:http://docs.mongodb.org/manual/tutorial/enable-authentication/
此用户仅限于所有数据库上的userAdmin角色。如果您想要执行其他操作,您需要为自己授予其他角色或创建拥有这些角色的新用户:
userAdminAnyDatabase
Provides the same access to user administration operations as userAdmin, except it applies to all databases in the cluster. The role also provides the following actions on the cluster as a whole:
authSchemaUpgrade
invalidateUserCache
listDatabases
The role also provides the following actions on the admin.system.users and admin.system.roles collections on the admin database, and on legacy system.users collections from versions of MongoDB prior to 2.6:
collStats
dbHash
dbStats
find
killCursors
planCacheRead
The userAdminAnyDatabase role does not restrict the permissions that a user can grant. As a result, userAdminAnyDatabase users can grant themselves privileges in excess of their current privileges and even can grant themselves all privileges, even though the role does not explicitly authorize privileges beyond user administration. This role is effectively a MongoDB system superuser.
http://docs.mongodb.org/manual/reference/built-in-roles/#built-in-roles
答案 1 :(得分:2)
您可以在没有auth选项的情况下重新启动MongoD,它应该很乐意让您登录并执行任何操作。
或者,您也可以启用localhost身份验证旁路,并从运行MongoD的同一主机进行连接。您可以在http://docs.mongodb.org/manual/core/authentication/#localhost-exception
找到有关它的更多信息根据您使用的MongoDB版本,上述步骤可能会有不同的行为,我建议您在上述网站上查找特定于版本的文档。