Role Classification |
role |
Permissions and Roles (This article may have some changes in capitalization, please refer to the official documentation when you use it) |
Database User Roles |
Read |
Collstats,dbhash,dbstats,find,killcursors,listindexes,listcollections |
ReadWrite |
Collstats,converttocapped,createcollection,dbhash,dbstats, Dropcollection,createindex,dropindex,emptycapped,find, Insert,killcursors,listindexes,listcollections,remove, Renamecollectionsamedb,update |
Database Administration Roles |
Dbadmin |
Collstats,dbhash,dbstats,find,killcursors,listindexes,listcollections, Dropcollection and CreateCollection in System.profile. |
Dbowner |
Role: ReadWrite, Dbadmin,useradmin |
Useradmin |
Changecustomdata,changepassword,createrole,createuser, Droprole,dropuser,grantrole,revokerole,viewrole,viewuser |
Cluster Administration Roles |
Clusteradmin |
Role: Clustermanager, Clustermonitor, Hostmanager |
Clustermanager |
Addshard,applicationmessage,cleanuporphaned,flushrouterconfig, Listshards,removeshard,replsetconfigure,replsetgetstatus, Replsetstatechange,resync, Enablesharding,movechunk,splitchunk,splitvector |
Clustermonitor |
Connpoolstats,cursorinfo,getcmdlineopts,getlog,getparameter, Getshardmap,hostinfo,inprog,listdatabases,listshards,netstat, Replsetgetstatus,serverstatus,shardingstate,top Collstats,dbstats,getshardversion |
Hostmanager |
Applicationmessage,closealldatabases,connpoolsync,cpuprofiler, Diaglogging,flushrouterconfig,fsync,invalidateusercache,killop, Logrotate,resync,setparameter,shutdown,touch,unlock |
Backup and Restoration Roles |
Backup |
Provides insert,update permissions in Mms.backup documents in the Admin database List all databases: listdatabases List all collection indexes: listindexes Provide query operations on the following: find * Non-system collection * System collection: System.indexes, System.namespaces, system.js * Collection: Admin.system.users and Admin.system.roles |
Restore |
Non-system collections, System.js,admin.system.users and Admin.system.roles, and version 2.6 system.users provide the following permissions: Collmod,createcollection,createindex,dropcollection,insert List all databases: listdatabases System.users:find,remove,update |
All-database Roles |
Readanydatabase |
Provide read-only permission in all databases: Read List all databases in cluster: listdatabases |
Readwriteanydatabase |
Provide all database read and Write permissions: ReadWrite List all databases in cluster: listdatabases |
Useradminanydatabase |
Provide all user data management rights: Useradmin Cluster:authschemaupgrade,invalidateusercache,listdatabases Admin.system.users and Admin.system.roles: Collstats,dbhash,dbstats,find,killcursors,plancacheread Createindex,dropindex |
Dbadminanydatabase |
Provide all database administrator permissions: dbadmin List all databases in cluster: listdatabases |
Superuser Roles |
Root |
Role: Dbowner,useradmin,useradminanydatabase Readwriteanydatabase, Dbadminanydatabase, Useradminanydatabase,clusteradmin |
Internal role |
__system |
Take any action on any database in the cluster |