Creating and Managing Roles
Creating a Role
db.createRole(role, writeConcern)
- role is mandatory and its type is document. The details are as follows:
{
  role: "<name>",
  privileges: [
    { resource: { <resource> }, actions: [ "<action>", ... ] },
    ...
  ],
  roles: [
    { role: "<role>", db: "<database>" } | "<role>",
    ...
  ],
  authenticationRestrictions: [
    {
      clientSource: ["<IP>" | "<CIDR range>", ...],
      serverAddress: ["<IP>" | "<CIDR range>", ...]
    },
    ...
  ]
}
Parameter description

Field | Type | Description |
---|---|---|
role | string | Role name |
privileges | Array | This parameter is mandatory. The array elements indicate the permissions of a role. If this parameter is set to an empty array, the role does not have any permission. |
resource | Document | The database name or collection name. |
actions | Array | List of available operations. Common actions are as follows: find, count, getMore, listDatabases, listCollections, listIndexes, insert, update, remove. For more actions, see the official document. |
roles | Array | This parameter is mandatory. Each array element is the name of a role inherited by the role. The inherited role can be a preset role (read or readWrite) or a user-defined role. |
authenticationRestrictions | Array | Optional. This parameter specifies the IP addresses or CIDR ranges that users with the role can connect from (clientSource) or connect to (serverAddress). |

- writeConcern specifies the write concern level of a command.
Updating a Role
db.grantPrivilegesToRole(rolename,privileges,writeConcern)
db.revokePrivilegesFromRole(rolename,privileges,writeConcern)
The preceding commands are used to grant specified permissions to a role or revoke them from it.
- rolename specifies the name of the role to be updated. This parameter is mandatory.
- privileges indicates the permissions to be adjusted for the role.
db.grantPrivilegesToRole(
  "<rolename>",
  [
    { resource: { <resource> }, actions: [ "<action>", ... ] },
    ...
  ],
  { <writeConcern> }
)

Table 1 privileges description

Field | Type | Description |
---|---|---|
resource | Document | The database name or collection name. |
actions | Array | For details, see the description of createRole. |

In addition to the preceding commands, updateRole can also be used to update role information.
db.updateRole(role, update, writeConcern)
Field | Type | Description |
---|---|---|
role | string | Role name |
update | Array | Mandatory. Its meaning is the same as that of privileges in the command for creating a role. It is used to replace all permission information of a role. |
writeConcern | Document | writeConcern specifies the write concern level of a command. |

Deleting a Role
db.dropRole(rolename, writeConcern)
- rolename specifies the name of the role to be deleted. This parameter is mandatory.
- writeConcern specifies the write concern level of a command.
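
The role lifecycle described above, as an added mongosh example that is not part of the original page: it checks a role document for over-broad resources and a missing clientSource restriction before creating the role. The names ordersReader, appAdmin, sales and orders, the CIDR range and the auditRole helper are assumptions made for illustration.

```javascript
// Added example, not from the original page. All names and addresses are constructed.
// Assumption: in mongosh the current database is "sales" (use sales) before this runs.
const WRITE_ACTIONS = new Set(["insert", "update", "remove"]);

// Return least-privilege findings for a createRole-style role document.
function auditRole(doc) {
  const findings = [];
  for (const field of ["role", "privileges", "roles"]) {
    if (!(field in doc)) findings.push(`missing field: ${field}`);
  }
  for (const p of doc.privileges || []) {
    const r = p.resource || {};
    // An empty db or collection string matches every database or collection.
    const broad = r.anyResource === true || r.cluster === true ||
                  r.db === "" || r.collection === "";
    if (broad) findings.push(`broad resource: ${JSON.stringify(r)}`);
    const writes = (p.actions || []).filter((a) => WRITE_ACTIONS.has(a));
    if (broad && writes.length) {
      findings.push(`write actions on broad resource: ${writes.join(",")}`);
    }
  }
  const restricted = (doc.authenticationRestrictions || [])
    .some((x) => (x.clientSource || []).length > 0);
  if (!restricted) findings.push("no clientSource restriction");
  return findings;
}

const ordersReader = {
  role: "ordersReader",
  privileges: [{ resource: { db: "sales", collection: "orders" }, actions: ["find", "listIndexes"] }],
  roles: [],
  authenticationRestrictions: [{ clientSource: ["10.0.0.0/24"] }],
};

const tooBroad = {
  role: "appAdmin",
  privileges: [{ resource: { db: "", collection: "" }, actions: ["find", "insert", "remove"] }],
  roles: [],
};

// Inside mongosh `db` exists; under plain Node this branch is skipped.
if (typeof db !== "undefined" && auditRole(ordersReader).length === 0) {
  const wc = { w: "majority" };
  const insertOnOrders = [{ resource: { db: "sales", collection: "orders" }, actions: ["insert"] }];
  db.createRole(ordersReader, wc);
  db.grantPrivilegesToRole("ordersReader", insertOnOrders, wc);
  db.revokePrivilegesFromRole("ordersReader", insertOnOrders, wc);
  db.dropRole("ordersReader", wc);
}
```
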