Concept Flow - Custom role creation

Start

↓

Define Role Name

↓

Specify Privileges

↓

Specify Resources

↓

Create Role Command

↓

Role Created in Database

↓

Assign Role to User

↓

End

The flow shows defining a role name, specifying privileges and resources, creating the role, and then assigning it to a user.

Execution Sample

MongoDB

db.createRole({
  role: "readWriteReports",
  privileges: [
    { resource: { db: "reportsDB", collection: "sales" }, actions: ["find", "insert"] }
  ],
  roles: []
})

This code creates a custom role named 'readWriteReports' with find and insert privileges on the sales collection in reportsDB.

Execution Table

Step	Action	Input/Command	Result/Output
1	Define role name	role: "readWriteReports"	Role name set to 'readWriteReports'
2	Specify privileges	{ resource: { db: "reportsDB", collection: "sales" }, actions: ["find", "insert"] }	Privileges set for find and insert on sales collection
3	Specify inherited roles	roles: []	No inherited roles specified
4	Run createRole command	db.createRole({...})	Role 'readWriteReports' created successfully
5	Assign role to user	db.grantRolesToUser("alice", [{ role: "readWriteReports", db: "admin" }])	Role assigned to user 'alice'
6	Verify role assignment	db.getUser("alice")	User 'alice' has role 'readWriteReports'
7	End	-	Custom role creation and assignment complete

💡 Process ends after role creation and assignment to user.

Variable Tracker

Variable	Start	After Step 1	After Step 2	After Step 4	After Step 5	Final
roleName	undefined	readWriteReports	readWriteReports	readWriteReports	readWriteReports	readWriteReports
privileges	undefined	undefined	[{db: 'reportsDB', collection: 'sales', actions: ['find','insert']}]	[{db: 'reportsDB', collection: 'sales', actions: ['find','insert']}]	[{db: 'reportsDB', collection: 'sales', actions: ['find','insert']}]	[{db: 'reportsDB', collection: 'sales', actions: ['find','insert']}]
roles	undefined	undefined	[]	[]	[]	[]
userRoles	undefined	undefined	undefined	undefined	[{role: 'readWriteReports', db: 'admin'}]	[{role: 'readWriteReports', db: 'admin'}]

Key Moments - 3 Insights

Why do we specify an empty array for 'roles' when creating a custom role?

What happens if we forget to assign the new role to a user?

Can we assign privileges on multiple collections in one role?

Visual Quiz - 3 Questions

Test your understanding

Look at the execution_table, what is the role name after step 1?

A"alice"

B"reportsDB"

C"readWriteReports"

Dundefined

Concept Snapshot

Custom Role Creation in MongoDB:
- Use db.createRole() with role name, privileges, and roles.
- Privileges specify actions on resources (db, collection).
- Roles array is for inherited roles (can be empty).
- Assign created role to users with db.grantRolesToUser().
- Verify with db.getUser().

Full Transcript

This visual execution traces creating a custom role in MongoDB. First, we define the role name 'readWriteReports'. Next, we specify privileges allowing 'find' and 'insert' on the 'sales' collection in 'reportsDB'. We set roles to an empty array meaning no inherited roles. Then we run the createRole command which creates the role in the database. After that, we assign this role to user 'alice' using grantRolesToUser. Finally, we verify the assignment by fetching the user details. Variables like roleName, privileges, roles, and userRoles change step by step as shown. Key moments clarify why roles array can be empty, the importance of assigning roles to users, and how to add multiple privileges. The quiz tests understanding of role name, assignment step, and privilege variable. The snapshot summarizes the commands and flow for quick reference.