Built-in roles help control what users can do in a MongoDB database. They make it easy to give the right access without confusion.
db.createUser({
user: "username",
pwd: "password",
roles: ["roleName"]
})db.createUser({
user: "reader",
pwd: "pass123",
roles: ["read"]
})db.createUser({
user: "writer",
pwd: "pass123",
roles: ["readWrite"]
})db.createUser({
user: "adminUser",
pwd: "pass123",
roles: ["dbAdmin"]
})This example creates a user with readWrite access on the exampleDB database. Then, the user can add a product to the products collection and read it back.
use exampleDB
db.createUser({
user: "testUser",
pwd: "testPass",
roles: ["readWrite"]
})
// Then login as testUser and insert a document
// mongo -u testUser -p testPass --authenticationDatabase exampleDB
// use exampleDB
// db.products.insertOne({name: "apple", price: 1.2})
// To check the inserted document
// db.products.find()Built-in roles cover most common needs, so you usually don't need to create custom roles.
Always assign the least privilege needed to keep your data safe.
Roles apply per database, so a user can have different roles on different databases.
Built-in roles control user permissions easily.
Use read to allow only viewing data.
Use readWrite to allow viewing and changing data.
Use dbAdmin to allow managing database settings.