Roles in MongoDB
MongoDB uses Role Based Access Control (RABC) to provide access to any MongoDB system.
MongoDB supports multiple authentication methods like x.509 Certificate Kerberos Authentication and may like these authentication methods and the access to the database granted through the role-based authorization.
There are two types of roles in MongoDB:
1. Built-In Roles
2. User defined Roles
Built In Roles: MongoDB provides multiple built-in roles to control the access and privileges within the database.
These roles are used for the level of permission to the users to perform various operations within the database.
MongoDB provides all built-in roles only on the admin database.
Ex: Database user roles, Database Administration roles
User-Defined Roles: These roles are created when the user has to be given some custom roles or specific roles.
Ex: if you want to create a user that allow the user to read data from a particular collection, but not from the other collections.
Different Built-In Roles Provided by MongoDB are:
1. Database user roles
2. Database Administration roles
3. Cluster Administration roles
4. Backup and Restoration roles
5. All Database roles
6. Superuser roles
Database user roles:
Every database will contain these roles. This includes read and read Write.
read:
♦ It has the ability to read all the collections except the system collections and js collection.
readWrite:
♦ It has the ability to both read and write operations on non-system collections and js collections.
♦ It can read, insert, update and deleting documents in the collection.
Database Administration roles:
Every database will contain these roles. This includes dbAdmin, userAdmin, dbOwner.
dbAdmin:
♦ It provides administration privileges to specific database.
♦ This role has the ability to perform administrative tasks like creating and dropping the collections, index creation and management and gathering statistics.
userAdmin:
♦ This provides the user to manage user related actions within a specific database.
♦ This role has the ability to create, modify, and delete user accounts within the specified database.
♦ This role can allow users to grant any kind of privilege to any user including themselves.
dbOwner:
♦ It has complete access and administration to specific database.
♦ This role has multiple privileges which are a combination of the roles of readWrite, userAdmin and dbAdmin roles.
♦ It has the ability to perform read, write, modify, delete, manage roles and also the users.
Cluster Administration roles:
Designed to manage and administration of MongoDB Clusters. This includes clusterAdmin, clusterManager, clusterMonitor, hostManger.
clusterManager:
♦ It provides the management and monitoring action on the entire cluster.
♦ This role has the ability to view and modify the cluster’s config which includes the storage, sharding and replica sets.
clusterMonitor:
♦ It provides monitoring access to the cluster.
♦ This role has the ability to monitor the cluster health, can view the logs, status, cluster performance which includes the metrics.
hostManger:
♦ It has the ability to monitor and manage the servers.
clusterAdmin:
♦ It provides complete administrative access across the entire cluster.
♦ It has the ability to manage the databases, collections, and also to configure, monitor and maintain the complete cluster.
Backup and Restoration roles:
To give permissions for performing backup and restoration operations in MongoDB. This includes backup and restore.
backup:
♦ It allows the users to create backups of the collections.
♦ This role has the ability to perform backups, taking the screenshots of the databases and can perform data migration.
restore:
♦ It allows the users to restore the databases and collections.
♦ This role has the ability to perform data recovery from the backups or from the screenshots.
Author : Teja |
LinkedIn : https://www.linkedin.com/in/teja-sai-nadh-reddy-tatireddy-048882201
Thank you for giving your valuable time to read the above information. Please click here to subscribe for further updates
KTExperts is always active on social media platforms.
Facebook : https://www.facebook.com/ktexperts/
LinkedIn : https://www.linkedin.com/company/ktexperts/
Twitter : https://twitter.com/ktexpertsadmin
YouTube : https://www.youtube.com/c/ktexperts
Instagram : https://www.instagram.com/knowledgesharingplatform
Note: Please test scripts in Non Prod before trying in Production.