
# authentication

<https://www.w3schools.com/python/python_mongodb_create_db.asp>

## Terminology mapping

| SQL      | MongoDB    |
| -------- | ---------- |
| database | database   |
| table    | collection |
| row      | document   |
| column   | field      |

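## Permission setup

After MongoDB is installed, a database named admin is created by default and can be operated through the mongo shell.

By default no access control is enforced; it has to be configured manually.

Role descriptions: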

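| **Role name**        | **Description**                                                                                                                              |
| -------------------- | -------------------------------------------------------------------------------------------------------------------------------------------- |
| read                 | Allows the user to read the specified database                                                                                               |
| readWrite            | Allows the user to read and write the specified database                                                                                     |
| dbAdmin              | Allows the user to run administrative functions in the specified database, such as creating and dropping indexes, viewing statistics, or accessing system.profile |
| userAdmin            | Allows the user to write to the system.users collection; the user can create, delete and manage users in the specified database              |
| clusterAdmin         | Available only in the admin database; grants administrative rights over all sharding and replica set functions                               |
| readAnyDatabase      | Available only in the admin database; grants read access to all databases                                                                    |
| readWriteAnyDatabase | Available only in the admin database; grants read and write access to all databases                                                          |
| userAdminAnyDatabase | Available only in the admin database; grants userAdmin rights on all databases                                                               |
| dbAdminAnyDatabase   | Available only in the admin database; grants dbAdmin rights on all databases                                                                 |
| root                 | Available only in the admin database. Superuser account with full privileges                                                                 |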

### 1. Start the mongo shell

Ubuntu: the command can be run from any directory

```
mongo
```

If the shell fails to start, try starting the mongod service

```
sudo service mongod start
```

or restarting it

```
sudo service mongod restart
```

### 2. Switch to the admin database

```
use admin
```

### 3. Create a SuperUser in the admin database

```
db.createUser( {user: "my_superuser", pwd: "icanpass", roles: [{role: "userAdminAnyDatabase", db: "admin"} ] } );
```

This account must exist before permissions for new accounts can be configured.

### 4. Configure permissions for a new account

```
db.createUser( {user: "new_user", pwd: "password", roles: [{role: "dbOwner", db: "db_name"}] });
```

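db\_name is the name of the database this account needs to manage.

### 5. Enable authentication and restart the service

Enable authentication:

```
mongod --auth
```

Or edit /etc/mongod.conf and append the following at the end of the file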

```
security:
  authorization: enabled
```

Or, if /etc/mongod.conf uses the older key=value format instead of YAML, append this as the last line

```
auth=true
```

Finally, restart the mongod service

```
sudo service mongod restart
```

### 6. Test the login

Log in with the new user credentials

```
mongo --port 27017 -u <SuperUserName> -p "xx" --authenticationDatabase "admin"
mongo -u <SuperUserName> -p --authenticationDatabase admin
```
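A quick way to confirm that the edit from step 5 really took effect in the file is to check the config text itself. The following is an added example, not part of the original notes: `auth_enabled`, `audit` and the sample configs are constructed for illustration, and the parser is a simple line-based check for the two forms shown in step 5, not a full YAML parser.

```python
import re

LEGACY = re.compile(r"auth\s*=\s*(\w+)$")            # old key=value style
YAML_KEY = re.compile(r"(\s*)([\w.]+)\s*:\s*(.*)$")   # YAML "key: value"

def auth_enabled(conf_text):
    """Return True only if the config text actually turns access control on."""
    in_security = False
    enabled = False
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # commented-out settings do not count
        if not line.strip():
            continue
        legacy = LEGACY.match(line)
        if legacy:
            enabled = legacy.group(1).lower() == "true"
            continue
        m = YAML_KEY.match(line)
        if not m:
            continue
        indent, key, value = m.groups()
        if not indent:
            # A top-level key opens or closes the security section.
            in_security = key == "security"
        elif in_security and key == "authorization":
            enabled = value.strip().strip("\"'") == "enabled"
    return enabled

# Constructed sample configs (not taken from a real host).
SAMPLES = {
    "yaml_on": "net:\n  port: 27017\nsecurity:\n  authorization: enabled\n",
    "legacy_on": "port = 27017\nauth = true\n",
    "commented_out": "net:\n  port: 27017\n#security:\n#  authorization: enabled\n",
    "wrong_section": "net:\n  port: 27017\n  authorization: enabled\n",
    "disabled": "security:\n  authorization: disabled\n",
}

def audit(samples=SAMPLES):
    """Map each sample name to whether access control is enabled in it."""
    return {name: auth_enabled(text) for name, text in samples.items()}

if __name__ == "__main__":
    for name, ok in audit().items():
        print(f"{name:14} {'auth enforced' if ok else 'NO access control'}")
```

The `commented_out` and `wrong_section` cases are the ones that are easy to miss by eye: the setting is present in the file, but mongod still starts without access control.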


