Change Your Password and Custom Data更改密码和自定义数据

On this page本页内容

Overview概述

Users with appropriate privileges can change their own passwords and custom data. 具有适当权限的用户可以更改自己的密码和自定义数据。Custom data stores optional user information.存储可选的用户信息。

Considerations注意事项

To generate a strong password for use in this procedure, you can use the openssl utility's rand command. 要生成用于此过程的强密码,可以使用openssl实用程序的rand命令。For example, issue openssl rand with the following options to create a base64-encoded string of 48 pseudo-random bytes:例如,使用以下选项发出openssl rand以创建48个伪随机字节的base64编码字符串:

openssl rand -base64 48

Prerequisites先决条件

To modify your own password and custom data, you must have privileges that grant changeOwnPassword and changeOwnCustomData actions respectively on the user's database.要修改您自己的密码和自定义数据,您必须具有在用户数据库上分别授予changeOwnPasswordchangeOwnCustomData操作的权限。

1

Connect as a user with privileges to manage users and roles.以具有管理用户和角色权限的用户身份连接。

Connect to the mongod or mongos with privileges to manage users and roles, such as a user with userAdminAnyDatabase role. 连接到具有管理用户和角色权限的mongodmongos,例如具有userAdminAnyDatabase角色的用户。The following procedure uses the myUserAdmin created in Enable Access Control.以下过程使用在启用访问控制中创建的myUserAdmin

mongosh --port 27017 -u myUserAdmin -p  --authenticationDatabase 'admin'

If you do not specify the password to the -p command-line option, mongosh prompts for the password.如果未为-p命令行选项指定密码,mongosh将提示输入密码。

2

Create a role with appropriate privileges.创建具有适当权限的角色。

In the admin database, create a new role with changeOwnPassword and changeOwnCustomData.admin数据库中,使用changeOwnPasswordchangeOwnCustomData创建新角色。

use admin
db.createRole(
   { role: "changeOwnPasswordCustomDataRole",
     privileges: [
        {
          resource: { db: "", collection: ""},
          actions: [ "changeOwnPassword", "changeOwnCustomData" ]
        }
     ],
     roles: []
   }
)
3

Add a user with this role.添加具有此角色的用户。

In the test database, create a new user with the created "changeOwnPasswordCustomDataRole" role. test数据库中,使用已创建的"changeOwnPasswordCustomDataRole"角色创建一个新用户。For example, the following operation creates a user with both the built-in role readWrite and the user-created "changeOwnPasswordCustomDataRole".例如,以下操作创建了一个具有内置角色readWrite和用户创建的"changeOwnPasswordCustomDataRole"的用户。

Tip提示

Starting in version 4.2 of the mongo shell, you can use the passwordPrompt() method in conjunction with various user authentication/management methods/commands to prompt for the password instead of specifying the password directly in the method/command call. mongo shell的4.2版开始,您可以结合各种用户身份验证/管理方法/命令使用passwordPrompt()方法来提示输入密码,而不是直接在方法/命令调用中指定密码。However, you can still specify the password directly as you would with earlier versions of the mongo shell.但是,您仍然可以像使用早期版本的mongo shell一样直接指定密码。

use test
db.createUser(
   {
     user:"user123",
     pwd: passwordPrompt(),  // or cleartext password
     roles:[ "readWrite", { role:"changeOwnPasswordCustomDataRole", db:"admin" } ]
   }
)

To grant an existing user the new role, use db.grantRolesToUser().要向现有用户授予新角色,请使用db.grantRolesToUser()

Procedure过程

1

Connect with the appropriate privileges.使用适当的权限连接。

Connect to the mongod or mongos as a user with appropriate privileges.以具有适当权限的用户身份连接到mongodmongos

For example, the following operation connects to MongoDB as user123 created in the Prerequisites section.例如,以下操作作为在先决条件部分中创建的user123连接到MongoDB。

mongosh --port 27017 -u user123 --authenticationDatabase 'test' -p

If you do not specify the password to the -p command-line option, mongosh prompts for the password.如果未为-p命令行选项指定密码,mongosh将提示输入密码。

To check that you have the privileges specified in the Prerequisites section as well as to see user information, use the usersInfo command with the showPrivileges option.要检查您是否具有先决条件部分中指定的权限以及查看用户信息,请使用usersInfo命令和showPrivileges选项。

2

Change your password and custom data.更改密码和自定义数据。

Use the db.updateUser() method to update the password and custom data.使用db.updateUser()方法更新密码和自定义数据。

For example, the following operation changes the user's password to KNlZmiaNUp0B and custom data to { title: "Senior Manager" }:例如,以下操作将用户密码更改为KNlZmiaNUp0B,并将自定义数据更改为{ title: "Senior Manager" }

Tip提示

Starting in version 4.2 of the mongo shell, you can use the passwordPrompt() method in conjunction with various user authentication/management methods/commands to prompt for the password instead of specifying the password directly in the method/command call. mongo shell的4.2版开始,您可以结合各种用户身份验证/管理方法/命令使用passwordPrompt()方法来提示输入密码,而不是直接在方法/命令调用中指定密码。However, you can still specify the password directly as you would with earlier versions of the mongo shell.但是,您仍然可以像使用早期版本的mongo shell一样直接指定密码。

use test
db.updateUser(
   "user123",
   {
      pwd: passwordPrompt(),  // or cleartext password
      customData: { title: "Senior Manager" }
   }
)

Enter the password when prompted.出现提示时输入密码。

←  Manage Users and RolesCollection-Level Access Control →