Mongodb
Created a user with the clusterMonitor and dbOwner roles, but db.getRoles() shows the enableSharding role
I created a user with full permissions on his own database (dbOwner) and read-only access to administrative commands (clusterMonitor):

    use customerdb
    (mongod-3.4.7) customerdb> db.createUser( { user: "customer",
    ... pwd: "customerpw",
    ... roles: [ { role: "clusterMonitor", db: "admin" },
    ... { role: "dbOwner", db: "customerdb" }] },
    ... { w: "majority" , wtimeout: 5000 } )
    Successfully added user: {
        "user": "customer",
        "roles": [
            { "role": "clusterMonitor", "db": "admin" },
            { "role": "dbOwner", "db": "customerdb" }
        ]
    }
I enabled authentication and logged in with the new user. This is a single instance of the latest version of MongoDB, installed with Homebrew.
$ mongo -u customer -p customerpw localhost --authenticationDatabase=customerdb
Why does getRoles() show me the enableSharding role? I did not find an explanation in the documentation.

    > db.getRoles(
    ... {
    ... rolesInfo: 1,
    ... showPrivileges:false,
    ... showBuiltinRoles: true
    ... }
    ... )
    [
        { "role": "dbAdmin", "db": "customerdb", "isBuiltin": true, "roles": [ ], "inheritedRoles": [ ] },
        { "role": "dbOwner", "db": "customerdb", "isBuiltin": true, "roles": [ ], "inheritedRoles": [ ] },
        { "role": "enableSharding", "db": "customerdb", "isBuiltin": true, "roles": [ ], "inheritedRoles": [ ] },
        { "role": "read", "db": "customerdb", "isBuiltin": true, "roles": [ ], "inheritedRoles": [ ] },
        { "role": "readWrite", "db": "customerdb", "isBuiltin": true, "roles": [ ], "inheritedRoles": [ ] },
        { "role": "userAdmin", "db": "customerdb", "isBuiltin": true, "roles": [ ], "inheritedRoles": [ ] }
    ]
Privileges of the enableSharding role:

    {
        "role": "enableSharding",
        "db": "customerdb",
        "isBuiltin": true,
        "roles": [ ],
        "inheritedRoles": [ ],
        "privileges": [
            { "resource": { "db": "", "collection": "" }, "actions": [ "enableSharding" ] }
        ],
        "inheritedPrivileges": [
            { "resource": { "db": "", "collection": "" }, "actions": [ "enableSharding" ] }
        ]
    }
I tested this on a mongos in a sharded cluster, version:
MongoDB Enterprise mongos> db.version() 3.2.11
and on a MacBook with a single mongod, version 3.4.7.
I guess I did something wrong when creating the user and granting the roles?
Because of "role": "dbAdmin", you get "role": "enableSharding" for customerdb. So that user can shard customerdb, but nothing more.
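
An added example, not part of the original question or answer: a JavaScript check of which actions the enableSharding role document printed in the question permits on a namespace, using MongoDB's documented resource-document rules (an empty "db" or "collection" string acts as a wildcard over non-system collections). The function names and the collection name "orders" are assumptions made for illustration.

```javascript
// Role document copied from the question (role info with privileges shown).
const enableShardingRole = {
  role: "enableSharding", db: "customerdb", isBuiltin: true,
  roles: [], inheritedRoles: [],
  privileges: [
    { resource: { db: "", collection: "" }, actions: ["enableSharding"] }
  ],
  inheritedPrivileges: [
    { resource: { db: "", collection: "" }, actions: ["enableSharding"] }
  ]
};

// Simplification (assumption): treat any name starting with "system." as a
// system collection, which an empty-string collection wildcard does not cover.
function isSystemCollection(name) {
  return name.startsWith("system.");
}

// Match a {db, collection} resource document against a target namespace.
// Cluster-wide and anyResource documents are out of scope and never match here.
function resourceMatches(resource, db, collection) {
  if (typeof resource.db !== "string" || typeof resource.collection !== "string") {
    return false;
  }
  if (resource.db !== "" && resource.db !== db) return false;
  if (resource.collection === "") return !isSystemCollection(collection);
  return resource.collection === collection;
}

// All actions a role document grants on db.collection, directly or inherited.
function actionsOn(roleDoc, db, collection) {
  const privs = [...(roleDoc.privileges || []), ...(roleDoc.inheritedPrivileges || [])];
  const actions = new Set();
  for (const p of privs) {
    if (resourceMatches(p.resource, db, collection)) {
      p.actions.forEach(a => actions.add(a));
    }
  }
  return [...actions].sort();
}

function roleAllows(roleDoc, action, db, collection) {
  return actionsOn(roleDoc, db, collection).includes(action);
}

console.log(actionsOn(enableShardingRole, "customerdb", "orders"));
```

The same functions work on any role document of this shape, so they can be used to review what a role actually permits before it is granted.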