Tuesday, May 8, 2018

Security Basics - Built-In Roles



This is based on the MongoDB documentation.

Overview

The roles shown below are some of the Built-In Roles provided by MongoDB.

Database User Roles
Database Administration Roles
Cluster Administration Roles
Backup and Restoration Roles
All-Database Roles
Superuser Roles

1. Database User Roles

read
readWrite

2. Database Administration Roles

dbAdmin - ability to perform administrative tasks on the database
dbOwner - combines the privileges of readWrite, dbAdmin and userAdmin
userAdmin - create and modify roles and users on the current database

3. Cluster Administration Roles

clusterAdmin - combines clusterManager, clusterMonitor and hostManager, plus the dropDatabase action.
clusterManager - management and monitoring actions on the cluster; can access the config and local databases, which are used in sharding and replication, respectively.
clusterMonitor - read-only access to monitoring tools, such as the MongoDB Cloud Manager and Ops Manager monitoring agent.
hostManager - monitor and manage servers.

4. Backup and Restoration Roles

backup - privileges to use the MongoDB Cloud Manager backup agent, Ops Manager backup agent, or to use mongodump.
restore - privileges needed to restore data with mongorestore without the --oplogReplay option or without system.profile collection data.

5. All-Database Roles

readAnyDatabase - the same read-only permissions as read, except that it applies to all databases in the cluster, plus the listDatabases action.
readWriteAnyDatabase - the same read and write permissions as readWrite, except that it applies to all databases in the cluster, plus the listDatabases action.
userAdminAnyDatabase - the same access to user administration operations as userAdmin, except that it applies to all databases in the cluster.
dbAdminAnyDatabase - the same access to database administration operations as dbAdmin, except that it applies to all databases in the cluster, plus the listDatabases action.

6. Superuser Roles

root - combines readWriteAnyDatabase, dbAdminAnyDatabase, userAdminAnyDatabase and clusterAdmin
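
Several of the roles above are bundles of other roles, so a grant such as dbOwner or root quietly carries user administration with it. The following is an added example, not taken from the MongoDB documentation: it expands the composite roles exactly as listed on this page and flags grants that include sensitive roles. The SENSITIVE set and the sample users are assumptions constructed for illustration; the input shape follows the users array returned by the usersInfo command.

```javascript
// Composite built-in roles, exactly as listed on this page.
const COMPOSITE = {
  dbOwner: ["readWrite", "dbAdmin", "userAdmin"],
  clusterAdmin: ["clusterManager", "clusterMonitor", "hostManager"],
  root: ["readWriteAnyDatabase", "dbAdminAnyDatabase", "userAdminAnyDatabase", "clusterAdmin"],
};

// Assumption: the roles a reviewer wants surfaced (user/role management,
// all-database scope, cluster and host management). Adjust to local policy.
const SENSITIVE = new Set(["userAdmin", "userAdminAnyDatabase", "readWriteAnyDatabase",
  "dbAdminAnyDatabase", "clusterManager", "hostManager"]);

// Expand one role name into the set of built-in roles it includes (itself included).
function expandRole(name, seen = new Set()) {
  if (seen.has(name)) return seen;
  seen.add(name);
  for (const child of COMPOSITE[name] || []) expandRole(child, seen);
  return seen;
}

// users: array shaped like the "users" field of usersInfo output,
// i.e. { user, db, roles: [{ role, db }] }.
function auditUsers(users) {
  const findings = [];
  for (const u of users) {
    for (const grant of u.roles || []) {
      const hits = [...expandRole(grant.role)].filter((r) => SENSITIVE.has(r)).sort();
      if (hits.length > 0) {
        findings.push({ user: `${u.user}@${u.db}`, granted: `${grant.role}@${grant.db}`, includes: hits });
      }
    }
  }
  return findings;
}

// Constructed sample data, not from a real deployment.
const SAMPLE_USERS = [
  { user: "reporting", db: "sales", roles: [{ role: "read", db: "sales" }] },
  { user: "appsvc", db: "sales", roles: [{ role: "dbOwner", db: "sales" }] },
  { user: "ops", db: "admin", roles: [{ role: "clusterMonitor", db: "admin" }, { role: "backup", db: "admin" }] },
  { user: "legacy", db: "admin", roles: [{ role: "root", db: "admin" }] },
];

for (const f of auditUsers(SAMPLE_USERS)) {
  console.log(`${f.user}: ${f.granted} includes ${f.includes.join(", ")}`);
}
```
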






