https://docs.mongodb.org/v3.0/reference/built-in-roles/#dbAdmin
Database user roles: read, readWrite
Database administration roles: dbAdmin, dbOwner (includes dbAdmin, readWrite, userAdmin), userAdmin
Cluster administration roles: clusterAdmin (includes clusterManager, clusterMonitor, hostManager), clusterManager, clusterMonitor, hostManager
All-database roles: readAnyDatabase, readWriteAnyDatabase, userAdminAnyDatabase, dbAdminAnyDatabase
Superuser role: root (includes readWriteAnyDatabase, dbAdminAnyDatabase, userAdminAnyDatabase, clusterAdmin)
Built-in Roles
Database Roles
read: Provides read access to the data of all non-system collections, and to the system collections system.indexes, system.js and system.namespaces. It allows the following actions: collStats, dbHash, dbStats, find, killCursors, listIndexes, listCollections
readWrite: Provides read access to all collections; write access excludes system collections, with the exception of system.js. It allows the following actions: collStats, convertToCapped, createCollection, dbHash, dbStats, dropCollection, createIndex, dropIndex, find, emptycapped, insert, killCursors, listIndexes, listCollections, remove, renameCollectionSameDB, update
Database Administrator Role
dbAdmin:
1. On the system.indexes, system.namespaces and system.profile collections it allows: collStats, dbHash, dbStats, find, killCursors, listIndexes, listCollections; dropCollection and createCollection are allowed on system.profile only.
2. On non-system collections it allows: collMod, collStats, compact, convertToCapped, createCollection, createIndex, dbStats, dropCollection, dropDatabase, dropIndex, enableProfiler, indexStats, reIndex, renameCollectionSameDB, repairDatabase, storageDetails, validate
3. The dbAdmin role does not have full access to system collections.
userAdmin: Provides the ability to create and modify roles and user accounts in the current database. A user with this role can grant any privilege (including the userAdmin role) to other users, which indirectly makes it possible to create superusers. It allows the following actions: changeCustomData, changePassword, createRole, createUser, dropRole, dropUser, grantRole, revokeRole, viewRole, viewUser
dbOwner: Combines the privileges of the readWrite, dbAdmin and userAdmin roles.
Cluster (replica set) Administration Roles
clusterAdmin: Includes clusterManager, clusterMonitor and hostManager, plus the dropDatabase action.
clusterManager: Provides access to the local and config databases. It allows the following actions: addShard, applicationMessage, cleanupOrphaned, flushRouterConfig, listShards, removeShard, replSetConfigure, replSetGetStatus, replSetStateChange, resync, enableSharding, moveChunk, splitChunk, splitVector. On the config database it can execute: insert, remove, update, collStats, dbHash, find, killCursors
clusterMonitor: Example of creating a user with this role:
db.createUser({user: "Mmsuser", pwd: "[email protected]", roles: ["clusterMonitor"]})
It allows the following actions: connPoolStats, cursorInfo, getCmdLineOpts, getLog, getParameter, getShardMap, hostInfo, inprog, listDatabases, listShards, netstat, replSetGetStatus, serverStatus, shardingState, top, collStats, dbStats, getShardVersion. On the config database of a sharded cluster it allows: collStats, dbHash, dbStats, find, killCursors
hostManager: It allows the following actions: applicationMessage, closeAllDatabases, connPoolSync, cpuProfiler, diagLogging, flushRouterConfig, fsync, invalidateUserCache, killop, logRotate, resync, setParameter, shutdown, touch, unlock
All-Database Roles
readAnyDatabase: Provides the same privileges as the read role on all databases in the cluster, plus the listDatabases command.
readWriteAnyDatabase: Provides the same privileges as the readWrite role on all databases in the cluster, plus the listDatabases command.
userAdminAnyDatabase: Provides the same privileges as the userAdmin role on all databases in the cluster, plus the actions authSchemaUpgrade, invalidateUserCache, listDatabases. On the system.users and system.roles collections the role also allows: collStats, dbHash, dbStats, find, killCursors, planCacheRead, createIndex, dropIndex
dbAdminAnyDatabase: Provides the same privileges as the dbAdmin role on all databases in the cluster, plus the listDatabases command.
Superuser Roles
root
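Because dbOwner and root include userAdmin or userAdminAnyDatabase, a user can hold the role-granting ability described under userAdmin without that role appearing by name. The audit sketch below is an added example, not part of the original page or of MongoDB's code; it assumes user documents shaped like usersInfo output ({user, db, roles: [{role, db}]}), uses constructed sample users, and does not resolve custom roles.

```javascript
// Added example. Inclusion map copied from the role summary on this page.
const INCLUDES = {
  dbOwner: ["dbAdmin", "readWrite", "userAdmin"],
  clusterAdmin: ["clusterManager", "clusterMonitor", "hostManager"],
  root: ["readWriteAnyDatabase", "dbAdminAnyDatabase",
         "userAdminAnyDatabase", "clusterAdmin"],
};
// Built-in roles that carry user management actions such as grantRole.
const GRANTERS = new Set(["userAdmin", "userAdminAnyDatabase"]);

// Return the role itself plus every built-in role it includes, transitively.
function expandRole(name, seen = new Set()) {
  if (seen.has(name)) return seen;
  seen.add(name);
  for (const child of INCLUDES[name] || []) expandRole(child, seen);
  return seen;
}

// users: documents shaped like usersInfo output (assumed input format).
// Reports every role assignment that gives the user role-granting ability.
function findRoleGranters(users) {
  const findings = [];
  for (const u of users) {
    for (const r of u.roles || []) {
      const via = [...expandRole(r.role)].find((n) => GRANTERS.has(n));
      if (!via) continue;
      // userAdminAnyDatabase spans all databases; userAdmin scoped to the
      // admin database can hand out cluster-wide roles as well.
      const clusterWide = via === "userAdminAnyDatabase" || r.db === "admin";
      findings.push({ user: `${u.db}.${u.user}`, assigned: r.role, via,
                      scope: clusterWide ? "cluster" : r.db });
    }
  }
  return findings;
}

// Constructed sample users, not taken from any real deployment.
const sampleUsers = [
  { user: "report", db: "sales", roles: [{ role: "read", db: "sales" }] },
  { user: "appowner", db: "sales", roles: [{ role: "dbOwner", db: "sales" }] },
  { user: "ops", db: "admin", roles: [{ role: "clusterAdmin", db: "admin" }] },
  { user: "backup", db: "admin", roles: [{ role: "root", db: "admin" }] },
  { user: "helpdesk", db: "admin", roles: [{ role: "userAdmin", db: "admin" }] },
];

console.table(findRoleGranters(sampleUsers));
```

The clusterAdmin user is not reported because none of the roles it includes carries user management; the dbOwner user is reported with its scope limited to its own database.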
You can run the rolesInfo command to query the detailed privileges that a role has on a specified database:
db.runCommand({rolesInfo: {role: "dbAdmin", db: "DbName"}, showPrivileges: true})
or
db.runCommand({rolesInfo: [{role: "RoleName", db: "DbName01"}, {role: "RoleName02", db: "DbName02"}], showPrivileges: true})
View all user-defined roles and built-in roles:
db.runCommand({rolesInfo: 1, showBuiltinRoles: true})
View all user-defined roles:
db.runCommand({rolesInfo: 1, showPrivileges: true})
MongoDB Role Summary