MongoDB uses database users to authenticate clients and grant varying levels of access to your deployment. You can assign roles to database users based on the required level of access and specific tasks they need to perform.
Use Cases
For example, you can create database users to:
- Allow reads and writes to the database but restrict administrative access.
- Assign administrative privileges to manage the database, perform backups, and configure settings.
- Grant read-only access for reporting and analytics purposes.
Behavior
Database users and their permissions are governed by the roles that are assigned to them. You can use MongoDB's built-in roles or create custom roles.
Database Users in Self-Managed Deployments
You can grant database users in self-managed deployments one or more roles. Roles grant users privileges to perform actions on specified resources. Users can perform actions on the following resources:
- Collections
- Databases
- Clusters
For more information, see Built-In Roles.
To create and manage users in your self-managed deployment, use the createUser command or the db.createUser() method.
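The three use cases listed earlier, expressed as `createUser` command documents with a least-privilege check that runs before any user is created. This is an added example, not code from the MongoDB documentation; the user names, the `shop` database, the `pwdFor` password lookup and the helper functions are assumptions, and `ADMIN_ROLES` is a partial list of built-in roles.

```javascript
// Added example. User names, the "shop" database and pwdFor() are assumptions.
// Built-in roles that carry administrative privileges (partial list).
const ADMIN_ROLES = new Set([
  "dbAdmin", "dbOwner", "userAdmin", "backup", "restore",
  "clusterAdmin", "clusterManager", "root",
  "dbAdminAnyDatabase", "userAdminAnyDatabase",
]);

// Build a createUser command document; each role is scoped to one database.
function createUserCommand(user, pwd, roles) {
  if (typeof pwd !== "string" || pwd.length === 0) {
    throw new Error(`no password supplied for ${user}`);
  }
  return { createUser: user, pwd, roles: roles.map(([role, db]) => ({ role, db })) };
}

// One user per use case: application, administration, reporting.
function buildUsers(pwdFor) {
  return {
    app: createUserCommand("shopApp", pwdFor("shopApp"), [["readWrite", "shop"]]),
    ops: createUserCommand("shopOps", pwdFor("shopOps"),
      [["dbAdmin", "shop"], ["backup", "admin"]]),
    reporting: createUserCommand("shopReports", pwdFor("shopReports"), [["read", "shop"]]),
  };
}

// Administrative roles a command would grant, as "role@db" strings.
function adminRolesGranted(cmd) {
  return cmd.roles
    .filter(({ role }) => ADMIN_ROLES.has(role))
    .map(({ role, db }) => `${role}@${db}`);
}

// Check every command first, then create the users in the admin database.
// `db` is the mongosh database handle; only keys in adminKeys may hold admin roles.
function applyUsers(db, users, adminKeys = ["ops"]) {
  for (const [key, cmd] of Object.entries(users)) {
    const granted = adminRolesGranted(cmd);
    if (granted.length > 0 && !adminKeys.includes(key)) {
      throw new Error(`${cmd.createUser} would receive ${granted.join(", ")}`);
    }
  }
  for (const cmd of Object.values(users)) {
    const res = db.getSiblingDB("admin").runCommand(cmd);
    if (res.ok !== 1) throw new Error(`createUser failed for ${cmd.createUser}`);
  }
}
```

In mongosh, pass the shell's `db` object as the first argument to `applyUsers`.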
Database Users in MongoDB Atlas
Database users in MongoDB Atlas have different built-in roles than self-managed deployments. When you create a database user in MongoDB Atlas, Atlas built-in roles apply to all databases in your project. To learn more, see Atlas Built-In Roles and Privileges.
Note
Database users are separate from Atlas users. Database users have access to MongoDB databases, while Atlas users have access to the Atlas application itself.
You can create database users, assign built-in roles, and create custom roles in the Atlas CLI, Atlas Administration API, or the Atlas UI. To learn more, see Add Database Users.
Get Started
To create and manage database users, see:
Details
Authentication
When you create a user, you can specify the authentication mechanism that the user uses to authenticate to the database. MongoDB supports the following authentication mechanisms:
| | SCRAM | X.509 | Kerberos | LDAP | OIDC | AWS-IAM |
|---|---|---|---|---|---|---|
| MongoDB Community | ✓ | ✓ | | | | |
| MongoDB Enterprise | ✓ | ✓ | ✓ | ✓ | ✓ | |
| MongoDB Atlas (M10 and above) | ✓ | ✓ | | ✓ | ✓ | ✓ |
| MongoDB Atlas (Shared Tier) | ✓ | ✓ | | | | ✓ |
| MongoDB Atlas (Flex) | ✓ | ✓ | | | | ✓ |
To learn more, see:
Authorization
MongoDB uses Role-Based Access Control (RBAC) to verify a user's access to resources and operations in the database. Although database users in MongoDB Atlas have different built-in roles than self-hosted deployments, the built-in roles for each type of deployment are built from the same set of privilege actions.
To learn more, see: