Role-based access control helps keep data safe by giving users only the permissions they need.
db.createRole({
role: "roleName",
privileges: [
{
resource: { db: "databaseName", collection: "collectionName" },
actions: ["action1", "action2"]
}
],
roles: [{ role: "otherRole", db: "admin" }]
})db.createRole() to make a new role with specific permissions.privileges array defines what actions the role can do on which resources.db.createRole({
role: "readOnly",
privileges: [
{
resource: { db: "shop", collection: "products" },
actions: ["find"]
}
],
roles: []
})db.createRole({
role: "productManager",
privileges: [
{
resource: { db: "shop", collection: "products" },
actions: ["find", "insert", "update", "remove"]
}
],
roles: []
})db.createRole({
role: "admin",
privileges: [],
roles: [{ role: "readWrite", db: "admin" }, { role: "dbAdmin", db: "admin" }]
})This example creates a role that allows reading reports, assigns it to user 'alice', and then checks her roles.
db.createRole({
role: "reportViewer",
privileges: [
{
resource: { db: "sales", collection: "reports" },
actions: ["find"]
}
],
roles: []
})
// Assign the role to a user
use sales
db.grantRolesToUser("alice", [{ role: "reportViewer", db: "sales" }])
// Check user roles
db.getUser("alice")Always assign the least permissions needed to keep data safe.
Roles can include other roles to combine permissions easily.
Use db.getUser() to check what roles a user has.
Role-based access control lets you manage who can do what in your database.
Create roles with specific permissions using db.createRole().
Assign roles to users to control their access safely and clearly.