readAnyDatabase角色4.0版本后不再支持local和config库的读权限。
若想获得local和config的读权限?
解决:在usr下单独添加config和local库的read角色。
db.updateUser("dddddd",{roles:[ {role:"read",db:"local"},{role:"readAnyDatabase",db:"admin"} ]})
参考文档:
https://docs.mongodb.com/manual/reference/built-in-roles/#dbAdmin
https://docs.mongodb.com/manual/reference/command/updateUser/
使用pymongo示例:
from pymongo import MongoClient
class RdsMongoClient(MongoClient):
ALMOST_SYNC_INTERVAL = 10 # seconds
@classmethod
def new(cls, ip, port, user=None, pwd=None, set_name=None, w='majority', **kwargs):
conn_url = get_mongo_conn_url(ip, port, user, pwd, set_name)
return cls(conn_url, maxIdleTimeMS=3000, socketTimeoutMS=60000, connectTimeoutMS=3000,
serverSelectionTimeoutMS=30000, waitQueueTimeoutMS=3000, waitQueueMultiple=3000,
w=w,
**kwargs)
cli = RdsMongoClient.new(
"localhost",
3042,
user='user',
pwd='password')
# db.updateUser("dddddd",{roles:[ {role:"read",db:"local"},{role:"readAnyDatabase",db:"admin"} ]})
roles = [
{"role": "readAnyDatabase", "db": "admin"}, {"role": "read", "db": "local"}, {"role": "read", "db": "config"}
]
cli.create_super_user('dddd', '123456aA', roles=roles)