> use blog
switched to db blog
> show collections
system.indexes
system.users
authors
posts
tagcloud
MongoDB User Roles
Currently MongoDB supports the following roles that users can have within its permissions framework:
• read—Allows the user to read from the given database.
• readWrite—Grants the user read and write access to the given database.
• dbAdmin—Allows the user to perform administrative functions within the given database such as creating or removing indexes, viewing statistics or accessing the system.profile collection.
• userAdmin—Allows the user to write to the system.users collection. With this permission you can create, delete, and administer the users for this database.
• clusterAdmin—Available only within the admin database. Confers full administrative access to all sharding and replica set-related functions.
• readAnyDatabase—Available only within the admin database. Grants the read permission on all databases.
• readWriteAnyDatabase—Available only within the admin database. Grants the readWrite permission on all databases.
• userAdminAnyDatabase—Available only within the admin database. Grants the userAdmin permission on all databases.
• dbAdminAnyDatabase—Available only within the admin database. Grants the dbAdmin permission on all databases.
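The scoping rules in the list above can be checked mechanically. The following JavaScript is an added example, not code from the original text or from MongoDB: it takes user entries, flags admin-only roles assigned outside the admin database, and expands the AnyDatabase roles into the per-database roles they grant. The function name auditRoles, the { db, user, roles } input shape, and the sample entries are assumptions constructed for illustration.

```javascript
// Added example; role names and scoping rules come from the list above.
const PER_DB = new Set(["read", "readWrite", "dbAdmin", "userAdmin"]);
// Admin-only roles mapped to the per-database role they grant on all databases (null: none).
const ADMIN_ONLY = new Map([
  ["clusterAdmin", null],
  ["readAnyDatabase", "read"],
  ["readWriteAnyDatabase", "readWrite"],
  ["userAdminAnyDatabase", "userAdmin"],
  ["dbAdminAnyDatabase", "dbAdmin"],
]);
// entries: [{ db, user, roles }] (assumed input shape); databases: all database names.
function auditRoles(entries, databases) {
  const findings = [];
  const effective = {}; // "user@db" -> per-database roles
  const grant = (user, db, role) => {
    const key = `${user}@${db}`;
    (effective[key] = effective[key] || new Set()).add(role);
  };
  for (const { db, user, roles } of entries) {
    for (const role of roles) {
      if (PER_DB.has(role)) {
        grant(user, db, role);
      } else if (!ADMIN_ONLY.has(role)) {
        findings.push(`${user}@${db}: unknown role "${role}"`);
      } else if (db !== "admin") {
        findings.push(`${user}@${db}: "${role}" is only valid in the admin database`);
      } else if (ADMIN_ONLY.get(role) === null) {
        findings.push(`${user}@admin: sharding and replica set administration (${role})`);
      } else {
        // An *AnyDatabase role expands to its per-database role on every database.
        for (const target of databases) grant(user, target, ADMIN_ONLY.get(role));
      }
    }
  }
  // userAdmin can write system.users, so its holders control who else has access.
  for (const [key, roles] of Object.entries(effective)) {
    if (roles.has("userAdmin")) findings.push(`${key}: can administer users (userAdmin)`);
    effective[key] = [...roles].sort();
  }
  return { effective, findings };
}

// Constructed sample entries, not taken from a real deployment.
const sample = [
  { db: "blog", user: "app", roles: ["readWrite"] },
  { db: "blog", user: "ops", roles: ["dbAdmin", "readAnyDatabase"] },
  { db: "admin", user: "root", roles: ["userAdminAnyDatabase", "clusterAdmin"] },
];
console.log(auditRoles(sample, ["admin", "blog"]));
```

Each finding is a prompt for review: a misplaced admin-only role usually means the entry was created in the wrong database, and every userAdmin holder should be someone trusted to manage that database's accounts.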
Delegated Credentials
As mentioned earlier, beginning with the 2.4 release of MongoDB it is possible to have one master user and then create subsequent users that use the master user's credentials for authentication, a feature called creating delegated credentials. Let's say we create the user test on our foo database as follows:
> use foo
> db.addUser({user : "test", pwd: "password", roles: ["readWrite"]})