updateUser

~~On this page~~本页内容

~~Definition~~定义
~~Behavior~~行为
~~Required Access~~所需访问权限
~~Example~~示例

Definition定义

updateUser

~~Updates the user's profile on the database on which you run the command.~~ 在运行命令的数据库上更新用户的配置文件。~~An update to a field completely replaces the previous field's values, including updates to the user's roles and authenticationRestrictions arrays.~~对字段的更新将完全替换上一个字段的值，包括对用户roles和authenticationRestrictions数组的更新。

~~Warning~~警告

~~When you update the roles array, you completely replace the previous array's values.~~ 更新roles数组时，将完全替换上一个数组的值。~~To add or remove roles without replacing all the user's existing roles, use the grantRolesToUser or revokeRolesFromUser commands.~~要添加或删除角色而不替换所有用户的现有角色，请使用grantRolesToUser或revokeRolesFromUser命令。

~~The updateUser command uses the following syntax.~~ updateUser命令使用以下语法。~~To update a user, you must specify the updateUser field and at least one other field, other than writeConcern:~~要更新用户，必须指定updateUser字段和至少一个其他字段（writeConcern除外）：

~~Tip~~提示

Starting in version 4.2 of the mongo shell, you can use the passwordPrompt() method in conjunction with various user authentication/management methods/commands to prompt for the password instead of specifying the password directly in the method/command call. 从mongoshell的4.2版开始，您可以将passwordPrompt()方法与各种用户身份验证/管理方法/命令结合使用，以提示输入密码，而不是直接在方法/命令调用中指定密码。~~However, you can still specify the password directly as you would with earlier versions of the mongo shell.~~但是，您仍然可以像使用早期版本的mongo shell那样直接指定密码。

{
  updateUser: "<username>",
  pwd: passwordPrompt(),
      // Or  "<cleartext password>"
  customData: { <any information> },
  roles: [
    { role: "<role>", db: "<database>" } | "<role>",
    ...
  ],
  authenticationRestrictions: [
     {
       clientSource: ["<IP>" | "<CIDR range>", ...],
       serverAddress: ["<IP>", | "<CIDR range>", ...]
     },
     ...
  ],
  mechanisms: [ "<scram-mechanism>", ... ],
  digestPassword: <boolean>,
  writeConcern: { <write concern> },
  comment: <any>
}

~~The command has the following fields:~~该命令包含以下字段：

~~Field~~字段	~~Type~~类型	~~Description~~描述
`updateUser`	string	~~The name of the user to update.~~要更新的用户的名称。
`pwd`	string	~~Optional.~~ 可选。~~The user's password. The value can be either:~~用户的密码。该值可以是： ~~the user's password in cleartext string, or~~明文字符串中的用户密码，或 `passwordPrompt()` ~~to prompt for the user's password.~~以提示输入用户密码。 ~~Tip~~提示 Starting in version 4.2 of the `mongo` shell, you can use the `passwordPrompt()` method in conjunction with various user authentication/management methods/commands to prompt for the password instead of specifying the password directly in the method/command call. 从mongoshell的4.2版开始，您可以将`passwordPrompt()`方法与各种用户身份验证/管理方法/命令结合使用，以提示输入密码，而不是直接在方法/命令调用中指定密码。~~However, you can still specify the password directly as you would with earlier versions of the `mongo` shell.~~但是，您仍然可以像使用早期版本的`mongo` shell那样直接指定密码。
`customData`	document	~~Optional.~~ 可选。~~Any arbitrary information.~~任何任意信息。
`roles`	array	~~Optional.~~ 可选。~~The roles granted to the user.~~ 授予用户的角色。~~An update to the `roles` array overrides the previous array's values.~~对`roles`数组的更新将覆盖上一个数组的值。
`writeConcern`	document	~~Optional.~~ 可选。~~The level of write concern for the operation. See Write Concern Specification.~~操作的写入关注级别。请参阅写入关注规范。
`authenticationRestrictions`	array	~~Optional.~~ 可选。~~The authentication restrictions the server enforces upon the user.~~ 服务器对用户实施的身份验证限制。~~Specifies a list of IP addresses and CIDR ranges from which the user is allowed to connect to the server or from which the server can accept users.~~指定允许用户连接到服务器或服务器可以接受用户的IP地址和CIDR范围的列表。
`mechanisms`	array	~~Optional.~~ 可选。~~The specific SCRAM mechanism or mechanisms for the user credentials.~~ 用户凭据的特定SCRAM机制。~~If `authenticationMechanisms` is specified, you can only specify a subset of the `authenticationMechanisms`.~~如果指定了`authenticationMechanisms`，则只能指定`authenticationMechanisms`的子集。 If updating the mechanisms field without the password, you can only specify a subset of the user's current mechanisms, and only the existing user credentials for the specified mechanism or mechanisms are retained.如果在没有密码的情况下更新机制字段，则只能指定用户当前机制的子集，并且只保留指定机制的现有用户凭据。 ~~If updating the password along with the mechanisms, new set of credentials are stored for the user.~~如果与机制一起更新密码，则会为用户存储一组新的凭据。 Valid values are: `"SCRAM-SHA-1"` ~~Uses the `SHA-1` hashing function.~~使用`SHA-1`哈希函数。 `"SCRAM-SHA-256"` ~~Uses the `SHA-256` hashing function.~~使用`SHA-256`哈希函数。 ~~Requires featureCompatibilityVersion set to `4.0`.~~需要将`featureCompatibilityVersion`设置为`4.0`。 ~~Requires digestPassword to be `true`.~~要求`digitalPassword`为`true`。 New in version 4.0.在版本4.0中新增。
`digestPassword`	boolean	~~Optional.~~ 可选。~~Indicates whether the server or the client digests the password.~~指示服务器还是客户端对密码进行摘要。 ~~If true, the server receives undigested password from the client and digests the password.~~如果为`true`，则服务器从客户端接收未消化的密码并消化密码。 ~~If false, the client digests the password and passes the digested password to the server.~~ 如果为`false`，则客户端对密码进行消化，并将消化后的密码传递给服务器。~~Not compatible with `SCRAM-SHA-256`~~与`SCRAM-SHA-256`不兼容 Changed in version 4.0.在版本4.0中更改。 ~~The default value is `true`. In earlier versions, the default value is `false`.~~默认值为`true`。在早期版本中，默认值为`false`。
`comment`	any	~~Optional.~~ 可选。~~A user-provided comment to attach to this command. Once set, this comment appears alongside records of this command in the following locations:~~用户提供了附加到此命令的注释。设置后，此注释将与此命令的记录一起显示在以下位置： ~~mongod log messages, in the `attr.command.cursor.comment` field.~~`mongod`日志消息，在`attr.command.cursor.comment`字段中。 ~~Database profiler output, in the `command.comment` field.~~数据库探查器输出，在`command.comment`字段中。 ~~`currentOp` output, in the `command.comment` field.~~`currentOp`输出，在`command.comment`字段中。 ~~A comment can be any valid BSON type(string, integer, object, array, etc).~~注释可以是任何有效的BSON类型（字符串、整数、对象、数组等）。 New in version 4.4.在版本4.4中新增。

Roles角色

~~In the roles field, you can specify both built-in roles and user-defined roles.~~在roles字段中，可以指定内置角色和用户定义角色。

~~To specify a role that exists in the same database where updateUser runs, you can either specify the role with the name of the role:~~要指定运行updateUser的同一数据库中存在的角色，可以使用角色名称指定角色：

"readWrite"

~~Or you can specify the role with a document, as in:~~也可以使用文档指定角色，如：

{ role: "<role>", db: "<database>" }

~~To specify a role that exists in a different database, specify the role with a document.~~若要指定存在于其他数据库中的角色，请使用文档指定该角色。

Authentication Restrictions身份验证限制

~~The authenticationRestrictions document can contain only the following fields.~~ authenticationRestrictions文档只能包含以下字段。~~The server throws an error if the authenticationRestrictions document contains an unrecognized field:~~如果authenticationRestrictions文档包含无法识别的字段，服务器将抛出错误：

Field Name	~~Value~~值	~~Description~~描述
`clientSource`	Array of IP addresses and/or CIDR ranges	~~If present, when authenticating a user, the server verifies that the client's IP address is either in the given list or belongs to a CIDR range in the list.~~ 如果存在，在验证用户时，服务器将验证客户端的IP地址是否在给定列表中或是否属于列表中的CIDR范围。~~If the client's IP address is not present, the server does not authenticate the user.~~如果客户端的IP地址不存在，则服务器不会对用户进行身份验证。
`serverAddress`	~~Array of IP addresses and/or CIDR ranges~~IP地址和/或CIDR范围的数组	~~A list of IP addresses or CIDR ranges to which the client can connect.~~ 客户端可以连接到的IP地址或CIDR范围的列表。~~If present, the server will verify that the client's connection was accepted via an IP address in the given list.~~ 如果存在，服务器将验证客户端的连接是否通过给定列表中的IP地址被接受。~~If the connection was accepted via an unrecognized IP address, the server does not authenticate the user.~~如果通过无法识别的IP地址接受连接，则服务器不会对用户进行身份验证。

~~Important~~重要

~~If a user inherits multiple roles with incompatible authentication restrictions, that user becomes unusable.~~如果用户继承了具有不兼容身份验证限制的多个角色，则该用户将无法使用。

For example, if a user inherits one role in which the clientSource field is ["198.51.100.0"] and another role in which the clientSource field is ["203.0.113.0"] the server is unable to authenticate the user.例如，如果用户继承了clientSource字段为["198.51.100.0"]的一个角色和clientSource字段是["203.0.113.0"]的另一个角色，则服务器无法对用户进行身份验证。

~~For more information on authentication in MongoDB, see Authentication.~~有关MongoDB中身份验证的更多信息，请参阅身份验证。

Behavior行为

~~Warning~~警告

~~By default, updateUser sends all specified data to the MongoDB instance in cleartext, even if using passwordPrompt().~~ 默认情况下，updateUser将所有指定的数据以明文形式发送到MongoDB实例，即使使用passwordPrompt()也是如此。~~Use TLS transport encryption to protect communications between clients and the server, including the password sent by updateUser.~~ 使用TLS传输加密来保护客户端和服务器之间的通信，包括updateUser发送的密码。~~For instructions on enabling TLS transport encryption, see Configure mongod and mongos for TLS/SSL.~~有关启用TLS传输加密的说明，请参阅为TLS/SSL配置mongod和mongos。

~~MongoDB does not store the password in cleartext.~~ MongoDB不以明文形式存储密码。~~The password is only vulnerable in transit between the client and the server, and only if TLS transport encryption is not enabled.~~只有在未启用TLS传输加密的情况下，密码才在客户端和服务器之间传输时易受攻击。

Required Access所需访问权限

~~You must have access that includes the revokeRoleaction on all databases in order to update a user's roles array.~~为了更新用户的roles数组，您必须对所有数据库具有包括revokeRole操作的访问权限。

~~You must have the grantRole action on a role's database to add a role to a user.~~必须对角色的数据库执行grantRole操作才能向用户添加角色。

~~To change another user's pwd or customData field, you must have the changePassword and changeCustomDataactions respectively on that user's database.~~要更改另一个用户的pwd或customData字段，必须分别对该用户的数据库执行changePassword和changeCustomData操作。

~~To modify your own password and custom data, you must have privileges that grant changeOwnPassword and changeOwnCustomData actions respectively on the user's database.~~要修改您自己的密码和自定义数据，您必须具有分别对用户数据库授予changeOwnPassword和changeOwnCustomData操作的权限。

Example示例

~~Given a user appClient01 in the products database with the following user info:~~为products数据库中的用户appClient01提供以下用户信息：

{
   "_id" : "products.appClient01",
   "userId" : UUID("c5d88855-3f1e-46cb-9c8b-269bef957986"), // Starting in MongoDB 4.0.9
   "user" : "appClient01",
   "db" : "products",
   "customData" : { "empID" : "12345", "badge" : "9156" },
   "roles" : [
       { "role" : "readWrite",
         "db" : "products"
       },
       { "role" : "read",
         "db" : "inventory"
       }
   ],
   "mechanisms" : [   // Starting in MongoDB 4.0
      "SCRAM-SHA-1",
      "SCRAM-SHA-256"
   ]
}

~~The following updateUser command completely replaces the user's customData and roles data:~~以下updateUser命令完全替换用户的customData和roles数据：

use products
db.runCommand( {
   updateUser : "appClient01",
   customData : { employeeId : "0x3039" },
   roles : [ { role : "read", db : "assets" } ]
} )

~~The user appClient01 in the products database now has the following user information:~~products数据库中的用户appClient01现在具有以下用户信息：

{
   "_id" : "products.appClient01",
   "userId" : UUID("c5d88855-3f1e-46cb-9c8b-269bef957986"), // Starting in MongoDB 4.0.9
   "user" : "appClient01",
   "db" : "products",
   "customData" : { "employeeId" : "0x3039" },
   "roles" : [
       { "role" : "read",
         "db" : "assets"
       }
   ],
   "mechanisms" : [   // Starting in MongoDB 4.0
      "SCRAM-SHA-1",
      "SCRAM-SHA-256"
   ]
}

← revokeRolesFromUser usersInfo →