system.users Collection

Changed in version 2.6.

The system.users collection in the admin database stores user authentication and authorization information. To manage data in this collection, MongoDB provides user management commands.

system.users Schema

The documents in the system.users collection have the following schema:

{
  _id: <system defined id>,
  user: "<name>",
  db: "<database>",
  credentials: { <authentication credentials> },
  roles: [
           { role: "<role name>", db: "<database>" },
           ...
         ],
  customData: <custom information>
 }

Each system.users document has the following fields:

admin.system.users.user

The user field is a string that identifies the user. A user exists in the context of a single logical database but can have access to other databases through roles specified in the roles array.

admin.system.users.db

The db field specifies the database associated with the user. The user’s privileges are not necessarily limited to this database. The user can have privileges in additional databases through the roles array.

admin.system.users.credentials

The credentials field contains the user’s authentication information. For users with externally stored authentication credentials, such as users that use Kerberos or x.509 certificates for authentication, the system.users document for that user does not contain the credentials field.

admin.system.users.roles

The roles array contains role documents that specify the roles granted to the user. The array contains both built-in roles and user-defined roles.

A role document has the following syntax:

{ role: "<role name>", db: "<database>" }

Each role document has the following fields:

admin.system.users.roles[n].role

The name of a role. A role can be a built-in role provided by MongoDB or a user-defined role.

admin.system.users.roles[n].db

The name of the database where the role is defined.

When specifying a role using the role management or user management commands, you can specify the role name alone (e.g. "readWrite") if the role exists on the database on which the command is run.

admin.system.users.customData

The customData field contains optional custom information about the user.

Example

Changed in version 3.0.0.

Consider the following document in the system.users collection:

{
  _id : "home.Kari",
  user : "Kari",
  db : "home",
  credentials : {
         "SCRAM-SHA-1" : {
                 "iterationCount" : 10000,
                 "salt" : "nkHYXEZTTYmn+hrY994y1Q==",
                 "storedKey" : "wxWGN3ElQ25WbPjACeXdUmN4nNo=",
                 "serverKey" : "h7vBq5tACT/BtrIElY2QTm+pQzM="
         }
  },
  roles : [
            { role: "read", db: "home" },
            { role: "readWrite", db: "test" },
            { role: "appUser", db: "myApp" }
          ],
  customData : { zipCode: "64157" }
}

The document shows that a user Kari is associated with the home database. Kari has the read role in the home database, the readWrite role in the test database, and the appUser role in the myApp database.
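
As an added example (not part of the original page or MongoDB's own code), the following JavaScript reads documents with the schema above and reports, per user, the authentication mechanisms present, whether the credentials field is absent (externally stored credentials), and which databases other than the user's own carry role grants. The sample documents are constructed; the second user, svc-backup, is hypothetical.

```javascript
// Added example: summarize system.users documents for an access review.
// Sample documents are constructed; the second user is hypothetical.
const sampleUsers = [
  {
    _id: "home.Kari", user: "Kari", db: "home",
    credentials: { "SCRAM-SHA-1": { iterationCount: 10000 } }, // secrets omitted
    roles: [
      { role: "read", db: "home" },
      { role: "readWrite", db: "test" },
      { role: "appUser", db: "myApp" }
    ],
    customData: { zipCode: "64157" }
  },
  {
    // Hypothetical externally authenticated user: no credentials field.
    _id: "$external.svc-backup", user: "svc-backup", db: "$external",
    roles: [{ role: "backup", db: "admin" }]
  }
];

// Group a user's roles by the database each role is granted on.
function rolesByDatabase(userDoc) {
  const grants = {};
  for (const { role, db } of userDoc.roles || []) {
    (grants[db] = grants[db] || []).push(role);
  }
  return grants;
}

// Build one review record per user from the fields the schema defines.
function reviewUser(userDoc) {
  const grants = rolesByDatabase(userDoc);
  const creds = userDoc.credentials;
  return {
    user: userDoc.user,
    authDb: userDoc.db,
    // An absent credentials field means the credentials are stored externally.
    externalAuth: creds === undefined,
    mechanisms: creds ? Object.keys(creds) : [],
    grants,
    // Databases other than the user's own where roles are granted.
    otherDbs: Object.keys(grants).filter((db) => db !== userDoc.db).sort()
  };
}

function reviewUsers(userDocs) {
  return userDocs.map(reviewUser);
}

console.log(JSON.stringify(reviewUsers(sampleUsers), null, 2));
```

In mongosh, the input for a real deployment would be `db.getSiblingDB("admin").system.users.find().toArray()`, run by an account permitted to read that collection.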