
Role-based access control in MongoDB - Step-by-Step Execution

Concept Flow - Role-based access control
1. Define Roles
2. Assign Permissions to Roles
3. Create Users
4. Assign Roles to Users
5. User Tries Action
6. Check User's Roles and Permissions
   - Yes: Allow
   - No: Deny
This flow shows how roles are defined with permissions, assigned to users, and checked when users try actions.
Execution Sample
MongoDB
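// Run both commands in the same database (here: test). The role is created in
// the current database, and roles: ["readData"] looks the role up there.
db.createRole({
  role: "readData",
  // collection: "" covers every non-system collection in the test database
  privileges: [{ resource: { db: "test", collection: "" }, actions: ["find"] }],
  roles: [] // no inherited roles
});
// "password" is a placeholder; passwordPrompt() keeps the real value out of the command.
db.createUser({ user: "alice", pwd: "password", roles: ["readData"] });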
This code creates a role with read permission and assigns it to a user named alice.
Execution Table
| Step | Action | Details | Result |
|---|---|---|---|
| 1 | Create Role | Role: readData with find action on test db | Role readData created |
| 2 | Create User | User: alice with role readData | User alice created with role readData |
| 3 | User Action | alice tries to find documents in test db | Check alice's roles and permissions |
| 4 | Permission Check | readData role allows find on test db | Action allowed |
| 5 | User Action | alice tries to insert document in test db | Check alice's roles and permissions |
| 6 | Permission Check | readData role does not allow insert | Action denied |
💡 Execution stops after permission checks determine allow or deny
Variable Tracker
| Variable | Start | After Step 1 | After Step 2 | After Step 3 | After Step 5 | Final |
|---|---|---|---|---|---|---|
| Roles | {} | {"readData": {privileges: find on test}} | {"readData": {privileges: find on test}} | {"readData": {privileges: find on test}} | {"readData": {privileges: find on test}} | {"readData": {privileges: find on test}} |
| Users | {} | {} | {"alice": {roles: [readData]}} | {"alice": {roles: [readData]}} | {"alice": {roles: [readData]}} | {"alice": {roles: [readData]}} |
| User Action | N/A | N/A | N/A | find on test db | insert on test db | N/A |
| Permission Result | N/A | N/A | N/A | allowed | denied | N/A |
Key Moments - 2 Insights
Why can alice find documents but cannot insert them?
Because alice has the readData role which only grants the 'find' action, not 'insert'. See execution_table rows 4 and 6.
What happens if a user has multiple roles with conflicting permissions?
MongoDB combines permissions from all roles. If any role allows an action, the user can perform it. This is shown by checking all roles in step 4.
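The permission check from the execution table and the multi-role rule above, written out as an added example (a simplified model for illustration, not code from this page and not MongoDB's implementation). The `writeData` role, the user `bob`, the `orders` and `customers` collection names and all function names are assumptions made for the example; role names are resolved within a single database.

```javascript
// Role documents use the same shape as the db.createRole() call on this page.
const roles = {
  readData: {
    privileges: [{ resource: { db: "test", collection: "" }, actions: ["find"] }],
    roles: [],
  },
  // Constructed for this example: a second role that inherits readData.
  writeData: {
    privileges: [{ resource: { db: "test", collection: "orders" }, actions: ["insert"] }],
    roles: ["readData"],
  },
};
const users = {
  alice: { roles: ["readData"] },
  bob: { roles: ["writeData"] }, // constructed user
};

// An empty string in a resource document matches any database / collection.
// (Real MongoDB excludes system collections from that wildcard; omitted here.)
function resourceMatches(resource, db, collection) {
  return (resource.db === "" || resource.db === db) &&
         (resource.collection === "" || resource.collection === collection);
}

// Collect every privilege reachable from the given roles, following inheritance.
function effectivePrivileges(roleNames, seen = new Set()) {
  const out = [];
  for (const name of roleNames) {
    if (seen.has(name)) continue; // each role is expanded once
    seen.add(name);
    const role = roles[name];
    if (!role) continue; // an unknown role grants nothing
    out.push(...role.privileges, ...effectivePrivileges(role.roles, seen));
  }
  return out;
}

// Allow if any privilege covers the resource and lists the action; otherwise deny.
function isAllowed(userName, db, collection, action) {
  const user = users[userName];
  if (!user) return false; // unknown user: deny
  return effectivePrivileges(user.roles).some(
    (p) => resourceMatches(p.resource, db, collection) && p.actions.includes(action)
  );
}
```

Because privileges only ever add up, the check has no "deny" rule to evaluate: an action is refused only when no role, direct or inherited, grants it on that resource.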
Visual Quiz - 3 Questions
Test your understanding
Look at the execution_table, what is the result when alice tries to find documents in the test database?
A. Action denied
B. Action allowed
C. Role not found
D. User not found
💡 Hint
Check execution_table row 4 under Result column
At which step does the system deny alice's action?
A. Step 5
B. Step 4
C. Step 6
D. Step 3
💡 Hint
Look at execution_table row 6 for the permission check result
If alice was assigned a role with insert permission, how would the permission result change at step 6?
A. It would allow the action
B. It would cause an error
C. It would still deny the action
D. It would ignore the new role
💡 Hint
Refer to key_moments about combining permissions from multiple roles
Concept Snapshot
Role-based access control in MongoDB:
- Define roles with specific privileges
- Create users and assign roles
- When user acts, MongoDB checks roles' permissions
- If any role allows action, user is allowed
- Otherwise, action is denied
Full Transcript
Role-based access control in MongoDB works by defining roles that have specific permissions on database resources. Users are created and assigned these roles. When a user tries to perform an action, MongoDB checks the permissions granted by all roles assigned to that user. If any role allows the action, the user can perform it; otherwise, the action is denied. For example, a role named readData may allow only reading documents. A user alice with this role can find documents but cannot insert new ones. This ensures secure and organized access control based on roles.