Authentication Flow
Create Administrator
use admin
db.createUser({
  user: "adminUser",
  pwd: "securePassword",  // sample value; passwordPrompt() keeps it out of shell history
  roles: [ { role: "userAdminAnyDatabase", db: "admin" } ]
})
Enable Authorization
# mongod configuration file (YAML); the nested key must be indented
security:
  authorization: enabled
Create Regular Users
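use wzk_test1
// Read-write account scoped to wzk_test1
db.createUser({
  user: "zhangsan",
  pwd: "123456",
  roles: [ { role: "readWrite", db: "wzk_test1" } ]
})
// Read-only account scoped to wzk_test1
db.createUser({
  user: "lisi",
  pwd: "123456",
  roles: [ { role: "read", db: "wzk_test1" } ]
})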
Sharded Cluster Authentication
- Shut down all running nodes
- Generate key:
openssl rand -base64 756 > testKeyFile.file
- Configure key file
- Start services
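
The key file steps above, as an added example that is not part of the original page: it generates the key with owner-only permissions, checks it against MongoDB's documented keyfile requirements (6 to 1024 base64 characters, no group or other permissions), and prints the `security` stanza for each process type. The function names and file paths are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the original page). Function names are hypothetical.

# make_keyfile PATH: generate the shared key readable by its owner only.
make_keyfile() {
  ( umask 077 && openssl rand -base64 756 > "$1" ) && chmod 400 "$1"
}

# check_keyfile PATH: return 0 if the file meets the keyfile requirements,
# otherwise print the reason and return 1.
check_keyfile() {
  local f=$1 perms body len
  [ -f "$f" ] || { echo "missing: $f"; return 1; }
  # Characters 5-10 of the mode string are the group and other permission bits.
  perms=$(ls -ld "$f" | cut -c5-10)
  [ "$perms" = "------" ] || { echo "permissions too open: $perms"; return 1; }
  # Whitespace is ignored when the key is read; the rest must be base64.
  body=$(tr -d '[:space:]' < "$f")
  len=${#body}
  case $body in
    *[!A-Za-z0-9+/=]*) echo "non-base64 character"; return 1 ;;
  esac
  if [ "$len" -lt 6 ] || [ "$len" -gt 1024 ]; then
    echo "length $len outside 6..1024"; return 1
  fi
  echo "ok: $len characters"
}

# security_stanza mongod|mongos PATH: config fragment for that process type.
# security.authorization is a mongod-only setting, so mongos gets keyFile only.
security_stanza() {
  printf 'security:\n  keyFile: %s\n' "$2"
  [ "$1" = mongos ] || printf '  authorization: enabled\n'
}
```

Every config server, shard member and mongos must be given an identical copy of the key file, and `check_keyfile` should pass on each host after the copy, since file transfers often reset permissions.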
Minimum Privilege Principle
Administrator Division
- Platform administrator: root
- DB administrator: dbAdminAnyDatabase + userAdminAnyDatabase
- Cluster administrator: clusterAdmin
Application Division
- Read-write: readWrite@
- Read-only: read@
Error Quick Reference
| Error | Solution |
|---|---|
| Authentication failed | Use URI to specify authSource |
| not authorized on db | Grant required actions |
| listDatabases denied | Grant readAnyDatabase |