授予向用户app_admin的授予readwrite特权如下:
db.createUser({"user":"app_admin", "pwd":"itnihao", "roles": [{"role": "readWrite", "db":"app1"},{"role": "readWrite", "db":"app2"},{"role": "readWrite", "db":"app3"}]})
问题是用户app_admin如何发现可见的数据库app1,app2,app3不带listDatabases特权?
我找到了Mongod GUI工具studio 3T,Mongodb Compass可以做到这一点。
tcpdump studio 3T之后,查找usersInfo可以做到这一点。
> db.runCommand({"usersInfo": {"user": "app_admin", "db": "admin"}})
{
"users" : [
{
"_id" : "admin.app_admin",
"user" : "app_admin",
"db" : "admin",
"roles" : [
{
"role" : "readWrite",
"db" : "app4"
},
{
"role" : "readWrite",
"db" : "app1"
},
{
"role" : "readWrite",
"db" : "app2"
},
{
"role" : "readWrite",
"db" : "app3"
}
]
}
],
"ok" : 1
}