system.users collection associates a user+database with 1+ roles
{http://docs.mongodb.org/v2.6/reference/system-users-collection/}
system.roles collection associates a role+database with 1+ privileges and/or 1+ roles to inherit
{http://docs.mongodb.org/v2.6/reference/system-roles-collection/}
- user
{http://docs.mongodb.org/v2.6/reference/command/#user-management-commands}
MongoDB scopes a user to the database in which the user is created.
- role
{http://docs.mongodb.org/v2.6/reference/built-in-roles/}
{http://docs.mongodb.org/v2.6/reference/system-roles-collection/}
{http://docs.mongodb.org/v2.6/reference/command/#role-management-commands}
role is a collection of privileges (a privilege is a resource and 1+ actions)
role applies to the database on which it's defined
MongoDB stores all role information in the admin.system.roles collection in the admin database.
- Database User Roles
{http://docs.mongodb.org/v2.6/reference/built-in-roles/#database-user-roles}
{read, readWrite}
- Database Admin Roles
{http://docs.mongodb.org/v2.6/reference/built-in-roles/#database-administration-roles}
{dbAdmin, dbOwner, userAdmin}
- Cluster Admin Roles
{http://docs.mongodb.org/v2.6/reference/built-in-roles/#cluster-administration-roles}
{clusterAdmin, clusterManager}
- Backup & Restore Roles
{http://docs.mongodb.org/v2.6/reference/built-in-roles/#backup-and-restoration-roles}
{backup, restore}
- All-Database Roles
{http://docs.mongodb.org/v2.6/reference/built-in-roles/#all-database-roles}
{readAnyDatabase, readWriteAnyDatabase, userAdminAnyDatabase, dbAdminAnyDatabase}
- SuperUser Roles
{http://docs.mongodb.org/v2.6/reference/built-in-roles/#superuser-roles}
{root, userAdminAnyDatabase, and (dbOwner or userAdmin) when scoped to the admin database}
- privilege
{http://docs.mongodb.org/v2.6/reference/privilege-actions/}
a privilege is a resource and 1+ actions
- resource
{http://docs.mongodb.org/v2.6/reference/resource-document/}
{Database, Collection, Cluster}
- action
{http://docs.mongodb.org/v2.6/reference/privilege-actions/}
actions define the operations a user can perform on a resource
- Query & Write actions
{http://docs.mongodb.org/v2.6/reference/privilege-actions/#query-and-write-actions}
{find, insert, remove, update}
- Database Management actions
{http://docs.mongodb.org/v2.6/reference/privilege-actions/#database-management-actions}
{changeCustomData, changeOwnCustomData, createCollection, createIndex, createRole, createUser, enableProfiler, killCursors, unlock, etc.}
- Deployment Management actions
{http://docs.mongodb.org/v2.6/reference/privilege-actions/#deployment-management-actions}
{authSchemaUpgrade, cleanupOrphaned, cpuProfiler, inprog, killop, planCacheRead, storageDetails, etc.}
- Replication actions
{http://docs.mongodb.org/v2.6/reference/privilege-actions/#replication-actions}
{appendOplogNote, replSetConfigure, replSetGetStatus, resync, etc.}
- Sharding actions
{http://docs.mongodb.org/v2.6/reference/privilege-actions/#sharding-actions}
{addShard, enableSharding, flushRouterConfig, listShards, moveChunk, shardingState, etc.}
- Server Admin actions
{http://docs.mongodb.org/v2.6/reference/privilege-actions/#server-administration-actions}
{closeAllDatabases, collMod, compact, convertToCapped, dropDatabase, dropIndex, hostInfo, logRotate, repairDatabase, shutdown, touch, etc.}
- Diagnostic actions
{http://docs.mongodb.org/v2.6/reference/privilege-actions/#diagnostic-actions}
{collStats, connPoolStats, cursorInfo, dbStats, getLog, indexStats, listDatabases, netstat, serverStatus, top, etc.}
- Internal actions
{http://docs.mongodb.org/v2.6/reference/privilege-actions/#internal-actions}
{anyAction, internal}
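Added example (not MongoDB code): the user -> role -> privilege -> (resource, actions) chain from the notes above, modelled in plain JavaScript so the effect of role inheritance and wildcard resources can be checked offline. The systemRoles and systemUsers arrays are constructed documents in the shape of admin.system.roles and admin.system.users entries; the role names (inventoryReader, inventoryManager, opsMonitor), user names and database names are invented. Built-in roles are not stored in system.roles, so builtInRole() is an abbreviated stand-in for the built-in read role, and resourceCovers() is a simplified version of the resource-document matching rules (a "" db or collection acts as a wildcard, and a wildcard collection does not cover system.* collections). The privileges and roles objects have the same shape that db.createRole() and db.createUser() accept, which is what makes this useful when auditing a custom role before granting it.

```javascript
// Constructed documents in the shape of admin.system.roles entries
// (user-defined roles only; built-in roles are not stored there).
const systemRoles = [
  {
    _id: "products.inventoryReader",
    role: "inventoryReader",
    db: "products",
    privileges: [
      { resource: { db: "products", collection: "inventory" }, actions: ["find"] },
    ],
    roles: [],
  },
  {
    _id: "products.inventoryManager",
    role: "inventoryManager",
    db: "products",
    privileges: [
      { resource: { db: "products", collection: "inventory" },
        actions: ["insert", "update", "remove"] },
    ],
    // inherits every privilege of inventoryReader (a role on the same database)
    roles: [{ role: "inventoryReader", db: "products" }],
  },
  {
    _id: "admin.opsMonitor",
    role: "opsMonitor",
    db: "admin",
    privileges: [
      { resource: { cluster: true }, actions: ["serverStatus", "replSetGetStatus"] },
      // db: "" and collection: "" means every non-system collection in every database
      { resource: { db: "", collection: "" }, actions: ["collStats", "dbStats"] },
    ],
    roles: [],
  },
];

// Constructed documents in the shape of admin.system.users entries.
const systemUsers = [
  { _id: "products.app", user: "app", db: "products",
    roles: [{ role: "inventoryManager", db: "products" }] },
  { _id: "admin.monitor", user: "monitor", db: "admin",
    roles: [{ role: "opsMonitor", db: "admin" }, { role: "read", db: "products" }] },
];

// Stand-in for the built-in "read" role (assumption: abbreviated action list),
// expanded on whichever database it is granted on.
function builtInRole(role, db) {
  if (role !== "read") return null;
  return { role, db, roles: [], privileges: [
    { resource: { db, collection: "" },
      actions: ["find", "killCursors", "collStats", "dbStats", "dbHash"] },
  ] };
}

function lookupRole(role, db) {
  return systemRoles.find(r => r.role === role && r.db === db) || builtInRole(role, db);
}

// Walk the user's roles, following inherited roles, and collect every privilege.
// The seen-set stops cycles and avoids re-expanding a role granted twice.
function effectivePrivileges(userDoc) {
  const seen = new Set();
  const privileges = [];
  const stack = [...userDoc.roles];
  while (stack.length > 0) {
    const { role, db } = stack.pop();
    const key = `${db}.${role}`;
    if (seen.has(key)) continue;
    seen.add(key);
    const doc = lookupRole(role, db);
    if (!doc) throw new Error(`unknown role ${key}`);
    privileges.push(...doc.privileges);
    stack.push(...doc.roles);
  }
  return privileges;
}

// Does a granted resource document cover the requested one? Simplified rules:
// anyResource covers everything, cluster covers only cluster requests, "" is a
// wildcard for db/collection, and a wildcard collection never covers system.*.
function resourceCovers(granted, requested) {
  if (granted.anyResource) return true;
  if (granted.cluster) return requested.cluster === true;
  if (requested.cluster || requested.anyResource) return false;
  const dbOk = granted.db === "" || granted.db === requested.db;
  const collOk = granted.collection === requested.collection ||
    (granted.collection === "" && !requested.collection.startsWith("system."));
  return dbOk && collOk;
}

// Authorization decision: true only if some effective privilege grants `action`
// on a resource that covers `resource`; unknown users are denied.
function isAuthorized(userName, userDb, action, resource) {
  const userDoc = systemUsers.find(u => u.user === userName && u.db === userDb);
  if (!userDoc) return false;
  return effectivePrivileges(userDoc).some(p =>
    p.actions.includes(action) && resourceCovers(p.resource, resource));
}

console.log(isAuthorized("app", "products", "find", { db: "products", collection: "inventory" }));
console.log(isAuthorized("monitor", "admin", "shutdown", { cluster: true }));
```

Two checks worth running against any custom role definition: the inherited path (app holds only inventoryManager, yet can find on products.inventory through inventoryReader) and the wildcard path (opsMonitor's db: "" resource lets monitor run dbStats on a database it was never explicitly granted). Both are what a reviewer should enumerate before calling db.createRole() with the document.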