The system.roles collection cannot be dropped
When you define a custom privilege (role):

```javascript
db.createRole({
  role: "dropSystemViewsAnyDatabase",
  privileges: [
    {
      actions: [ "dropCollection" ],
      resource: { db: "", collection: "system.roles" }
    }
  ],
  roles: []
})

// The system.roles collection is created automatically in the admin database:
{
  "_id" : "admin.dropSystemViewsAnyDatabase",
  "role" : "dropSystemViewsAnyDatabase",
  "db" : "admin",
  "privileges" : [
    {
      "resource" : { "db" : "", "collection" : "system.roles" },
      "actions" : [ "dropCollection" ]
    }
  ],
  "roles" : []
}

// Then I expected that granting this privilege would allow dropping the
// system.roles collection, but it had no effect; I don't know why
{
  "_id" : "admin.admin",
  "userId" : UUID("198fe62e-8f36-421e-877e-4d73ca1a1fe4"),
  "user" : "admin",
  "db" : "admin",
  "credentials" : {
    "SCRAM-SHA-1" : {
      "iterationCount" : 10000,
      "salt" : "rmYnVC/Kc8U8jHJ8Xoa0AA==",
      "storedKey" : "s2s+seXTlu5e/Et3RBMRjcT+1sc=",
      "serverKey" : "qwEGx4vyIn6UHWXiPwDYVSAb9QA="
    },
    "SCRAM-SHA-256" : {
      "iterationCount" : 15000,
      "salt" : "UEJ8pbH7IU7HFyhjjQCn31h2OY5GjZ6SXONgjw==",
      "storedKey" : "z6otQQpA4/SU5N6VJfuD3mm68kBH0z+5aKIexmgXaP4=",
      "serverKey" : "MdeLFLQOh7gM93WrNioub9UjLSc8SREDQZskfT7wiYQ="
    }
  },
  "roles" : [
    {
      "role" : "root", // this role can read and write everything except system.*
      "db" : "admin"
    },
    {
      "role" : "__system", // this role can read and write system.*
      "db" : "admin"
    },
    {
      "role" : "dropSystemViewsAnyDatabase", // the custom role is assigned, but it had no effect; I don't know why
      "db" : "admin"
    }
  ]
}
```
PS: Even with login authorization disabled, system.roles still cannot be dropped. Does anyone know why???
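For auditing which roles reach `system.roles`, the sketch below shows how a privilege's resource document is matched against a namespace, using the custom role from this post. It is an added example, not code from the original post or from MongoDB: the helper names and `exampleDropAnyCollection` are hypothetical, "system collection" is approximated as any name starting with `system.`, and only privilege matching is modelled, not any other server-side handling of system collections.

```javascript
// Added example: models MongoDB privilege-to-resource matching only.
// Assumption: a "system collection" is any collection named "system.*".
const isSystem = (coll) => coll.startsWith("system.");

// Does one privilege's resource document cover the namespace db.coll?
function resourceCovers(resource, db, coll) {
  if (resource.anyResource) return true;   // internal catch-all resource
  if (resource.cluster) return false;      // cluster resource, not a collection
  const dbOk = resource.db === "" || resource.db === db; // "" means any database
  if (!dbOk) return false;
  if (resource.collection === "") return !isSystem(coll); // wildcard skips system.*
  return resource.collection === coll;     // named explicitly, system.* included
}

// privileges: array shaped like the "privileges" field of a system.roles document.
// Returns the privileges that grant `action` on db.coll.
function grantsFor(privileges, db, coll, action) {
  return privileges.filter(
    (p) => p.actions.includes(action) && resourceCovers(p.resource, db, coll)
  );
}

// Constructed input: the custom role from this post...
const customRole = {
  role: "dropSystemViewsAnyDatabase",
  privileges: [
    { resource: { db: "", collection: "system.roles" }, actions: ["dropCollection"] },
  ],
};
// ...and a hypothetical wildcard role for contrast (not a dump of any built-in role).
const wildcardRole = {
  role: "exampleDropAnyCollection",
  privileges: [{ resource: { db: "", collection: "" }, actions: ["dropCollection"] }],
};

// Summarise whether a role grants dropCollection on two sample namespaces.
function audit(role) {
  const has = (db, coll) =>
    grantsFor(role.privileges, db, coll, "dropCollection").length > 0;
  return {
    role: role.role,
    adminSystemRoles: has("admin", "system.roles"),
    testOrders: has("test", "orders"),
  };
}

console.log(audit(customRole));
console.log(audit(wildcardRole));
```

On a live deployment the same privilege arrays can be obtained with `db.getRole("dropSystemViewsAnyDatabase", { showPrivileges: true })` and passed to `grantsFor`.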
Reposted from: http://ihsxx.baihongyu.com/