| 角色 | 描述 |
|---|---|
| read(只读) |
该角色提供了读取所有非系统集合(collection)和以下系统集合(collections): system.indexes, system.js, system.namespaces collections的权限。 查看该角色具体的权限read |
| readWrite(读写) |
拥有read权限的所有权限,同时还提供了修改非系统集合(collection)和system.js集合的权限。 查看该角色具体的权限readWrite |
| 角色 | 描述 |
|---|---|
| dbAdmin |
提供执行管理任务的能力,例如:与架构(schema-related)相关的任务、索引(index)、收集统计信息(gathering statistics),此角色不授予用户和角色管理权限。 查看该角色具体的权限dbAdmin |
| dbOwner |
提供在数据库上执行任何管理操作的能力,该角色提供了包含readWrite, dbAdmin和userAdmin的所有权限。 |
| userAdmin |
提供在当前数据库上创建和修改角色和用户的能力。 由于该角色语序给任何用户赋予任何权限,也包括本身,所以该角色也间接提供了访问管理权限、集群权限的数据库的能力。 |
| 角色 | 描述 |
|---|---|
| clusterAdmin |
提供最大的群集管理访问权限,提供了包含clusterManager, clusterMonitor和hostManager角色的所有权限。 此外,该角色提供了删除数据库(dropDatabase )的能力。 |
| clusterManager |
提供在集群上的管理和监控权限,拥有此角色的用户可以访问配置和本地数据库,进行分片(sharding)和复制集(replication),分别(respectively)。 查看该角色具体的权限clusterManager。 |
| clusterMonitor |
提供监控工具进行只读访问,例如 MongoDB Cloud Manager、Ops Manager监控。 查看该角色具体的权限clusterMonitor。 |
| hostManager |
提供了监控和管理服务的能力。 查看该角色具体的权限hostManager。 |
| 角色 | 描述 |
|---|---|
| backup |
该角色提供了备份数据所需要的权限,该角色提供了足够的权限来使用MongoDB Cloud Manager、 Ops Manager、mongodump的备份功能。 查看该角色具体的权限backup。 |
| restore |
该角色提供了不使用--oplogReplay参数或不是system.profile集合的mongorestore命令所需要的权限。 查看该角色具体的权限restore。 |
| 角色 | 描述 |
|---|---|
| readAnyDatabase | Provides the same read-only permissions as read, except it applies to all but the local and config databases in the cluster. The role also provides the listDatabases action on the cluster as a whole. For the specific privileges granted by the role, see readAnyDatabase. Changed in version 3.4: Prior to 3.4, readAnyDatabase includes local and config databases. To provide read privileges on the local database, create a user in the admin database with read role in the local database. See also clusterManager role for access to the config and local databases. |
| readWriteAnyDatabase | Provides the same read and write permissions as readWrite, except it applies to all but the local and config databases in the cluster. The role also provides the listDatabases action on the cluster as a whole. For the specific privileges granted by the role, see readWriteAnyDatabase. Changed in version 3.4: Prior to 3.4, readWriteAnyDatabase includes local and config databases. To provide readWrite privileges on the local database, create a user in the admin database with readWrite role in the local database. See also clusterManager role for access to the config and local databases. |
| userAdminAnyDatabase | Provides the same access to user administration operations as userAdmin, except it applies to all but the local and config databases in the cluster. Since the userAdminAnyDatabase role allows users to grant any privilege to any user, including themselves, the role also indirectly provides superuser access. For the specific privileges granted by the role, see userAdminAnyDatabase. Changed in version 3.4: Prior to 3.4, userAdminAnyDatabase includes local and config databases. |
| dbAdminAnyDatabase | Provides the same access to database administration operations as dbAdmin, except it applies to all but the local and config databases in the cluster. The role also provides the listDatabases action on the cluster as a whole. For the specific privileges granted by the role, see dbAdminAnyDatabase. Changed in version 3.4: Prior to 3.4, dbAdminAnyDatabase includes local and config databases. To provide dbAdmin privileges on the local database, create a user in the admin database with dbAdmin role in the local database. See also clusterManager role for access to the config and local databases. |
| 角色 | 描述 |
|---|---|
| root |
该角色提供了包含readWriteAnyDatabase, dbAdminAnyDatabase, userAdminAnyDatabase, clusterAdmin, restore和backup的所有权限。 查看该角色具体的权限root |
| 角色 | 描述 |
|---|---|
| __system |
该角色提供对数据库中任何对象采取任何操作的权限。 除特殊情况外,不要将此角色分配给应用程序或管理人员。 查看更多信息root |