Built-in Roles in MongoDB: Overview and Usage
built-in roles are predefined sets of privileges that control user access to database resources. These roles simplify security by grouping common permissions, such as read, readWrite, and dbAdmin, so you can assign them directly to users without creating custom roles.How It Works
Think of built-in roles in MongoDB like job titles in a company. Each job title comes with a set of responsibilities and permissions. For example, a "read-only" job means you can view documents but not change them, while an "admin" job means you can manage settings and users.
MongoDB provides these built-in roles so you don't have to create your own from scratch. When you assign a built-in role to a user, MongoDB automatically grants the permissions that role includes. This makes managing who can do what in your database easier and safer.
Example
This example shows how to create a user with the built-in readWrite role on a database named mydb. This role allows the user to read and write data in that database.
use mydb
db.createUser({
user: "appUser",
pwd: "securePass123",
roles: [ { role: "readWrite", db: "mydb" } ]
})When to Use
Use built-in roles when you want to quickly assign common permission sets to users without customizing access. For example, if you have a developer who only needs to read and write data, assign the readWrite role. For a database administrator who manages indexes and users, assign dbAdmin or userAdmin.
This approach saves time and reduces errors compared to creating custom roles for every user. It also helps maintain consistent security policies across your MongoDB deployment.
Key Points
- Built-in roles group common permissions for easy user management.
- Examples include
read,readWrite,dbAdmin, anduserAdmin. - Assign roles to users to control their database access securely.
- Using built-in roles reduces complexity and improves security consistency.