Enable Access Control启用访问控制
On this page本页内容
Enabling access control on a MongoDB deployment enforces authentication. 对MongoDB部署启用访问控制将强制执行身份验证。With access control enabled, users are required to identify themselves and can only perform actions that adhere to the permissions granted by the roles assigned to their user.启用访问控制后,用户需要标识自己,并且只能执行符合分配给其用户的角色授予的权限的操作。
If you would like to enable access control for a standalone MongoDB instance, please refer to one of the following resources:如果您想为独立的MongoDB实例启用访问控制,请参阅以下资源之一:
Use SCRAM to Authenticate Clients使用SCRAM对客户端进行身份验证Use x.509 Certificates to Authenticate Clients使用x.509证书对客户端进行身份验证Configure MongoDB with Kerberos Authentication on Linux在Linux上使用Kerberos身份验证配置MongoDBConfigure MongoDB with Kerberos Authentication on Windows在Windows上使用Kerberos身份验证配置MongoDBConfigure MongoDB with Kerberos Authentication and Active Directory Authorization使用Kerberos身份验证和活动目录授权配置MongoDBAuthenticate Using SASL and LDAP with ActiveDirectory使用SASL和LDAP与活动目录进行身份验证Authenticate Using SASL and LDAP with OpenLDAP使用SASL和OpenLDAP进行身份验证Authenticate and Authorize Users Using Active Directory via Native LDAP通过本机LDAP使用活动目录对用户进行身份验证和授权Configure MongoDB with OpenID Connect使用OpenID Connect配置MongoDB
If you would like to enable access control for a replica set or a sharded cluster, please refer to one of the following resources:如果您想为副本集或分片集群启用访问控制,请参阅以下资源之一:
Deploy Replica Set With Keyfile Authentication使用键文件身份验证部署副本集Update Replica Set to Keyfile Authentication将副本集更新为键文件身份验证Update Replica Set to Keyfile Authentication (No Downtime)将副本集更新为键文件身份验证(无停机)Deploy Sharded Cluster with Keyfile Authentication使用键文件身份验证部署分片集群Update Sharded Cluster to Keyfile Authentication将分片群集更新为键文件身份验证Update Sharded Cluster to Keyfile Authentication (No Downtime)将分片群集更新为键文件身份验证(无停机)Configure MongoDB with Kerberos Authentication on Linux在Linux上使用Kerberos身份验证配置MongoDBConfigure MongoDB with Kerberos Authentication on Windows在Windows上使用Kerberos身份验证配置MongoDBConfigure MongoDB with Kerberos Authentication and Active Directory Authorization使用Kerberos身份验证和活动目录授权配置MongoDBAuthenticate Using SASL and LDAP with ActiveDirectory使用SASL和LDAP与活动目录进行身份验证Authenticate Using SASL and LDAP with OpenLDAP使用SASL和OpenLDAP进行身份验证Authenticate and Authorize Users Using Active Directory via Native LDAP通过本机LDAP使用活动目录对用户进行身份验证和授权
Next Steps下一步
To create additional users, see Create a User.要创建其他用户,请参阅创建用户。
To manage users, assign roles, and create custom roles, see Manage Users and Roles.要管理用户、分配角色和创建自定义角色,请参阅管理用户和角色。