MongoDB Role Management Commands

The role management commands are used to define the role for the specified user.

MongoDB createRole command

The createRole command assigns a role and specifies its advantages. The assigned role applies to the database on which we run the command. The command returns a duplicate role error if the role already exists in the database.

Syntax:

{ createRole: "<new role>",
  privileges: [
    { resource: { <resource> }, actions: [ "<action>", ... ] },
    ...
  ],
  roles: [
    { role: "<role>", db: "<database>" } | "<role>",
    ...
  ],
  authenticationRestrictions: [
    {
      clientSource: ["<IP>" | "<CIDR range>", ...],
      serverAddress: ["<IP>" | "<CIDR range>", ...]
    },
    ...
  ],
  writeConcern: <write concern document>
}

Command fields:

Field	Type	Description
createRole	string	The createRole field contains the name of the new role.
privileges	array	It contains the privileges to grant the roles. Left it blanks if you don't want to specify any role.
roles	array	It contains the array of roles which is used to assign the role to the user.
authentication Restrictions	array	The authentication restriction field restricts the server from enforcing on the role.
writeConcern	document	It is the level of write concern to apply to this operation.

Example:

The createRole command creates the JavaTpointAdmin role on the admin database

 db.adminCommand({ createRole: "JavaTpointAdmin",
  privileges: [
    { resource: { cluster: true }, actions: [ "addShard" ] },
    { resource: { db: "config", collection: "" }, actions: [ "find", "update", "insert", "remove" ] },
    { resource: { db: "users", collection: "usersCollection" }, actions: [ "update", "insert", "remove" ] },
    { resource: { db: "", collection: "" }, actions: [ "find" ] }
  ],
  roles: [
    { role: "read", db: "admin" }
  ],
  writeConcern: { w: "majority" , wtimeout: 5000 }
})

MongoDB dropRole command

The MongoDB dropRole command deletes the role that is defined by the user in the database on which we run the command.

Syntax:

{
  dropRole: "<role>",
  writeConcern: { <write concern> }
}
Example:
This example remove the readPrice role from the products database.
use products
db.runCommand(
   {
     dropRole: "readPrices",
     writeConcern: { w: "majority" }
   }
)

MongoDB updateRole

The update command updates the user-defined role. The command must run on the role's database. This command can replace the previous field value completely.

Syntax:

{
  updateRole: "<role>",
  privileges:
      [
        { resource: { <resource> }, actions: [ "<action>", ... ] },
        ...
      ],
  roles:
      [
        { role: "<role>", db: "<database>" } | "<role>",
        ...
      ],
  authenticationRestrictions:
      [
        {
          clientSource: ["<IP>" | "<CIDR range>", ...],
          serverAddress: ["<IP>", ...]
        },
        ...
      ]
  writeConcern: <write concern document>
}

Example:

db.adminCommand(
   {
     updateRole: "myClusterwideAdmin",
     privileges:
         [
           {
             resource: { db: "", collection: "" },
             actions: [ "find" , "update", "insert", "remove" ]
           }
         ],
     roles:
         [
           { role: "dbAdminAnyDatabase", db: "admin" }
         ],
     writeConcern: { w: "majority" }
   }
)

The above example updates the myClusterwideAdmin role on the admin database.

MongoDB grantPrivilagesToRole command

This is a very important command which is used to add some extra privileges to a user-defined role on the database where the command is used to run.

Syntax:

{
  grantPrivilegesToRole: "<role>",
  privileges: [
      {
        resource: { <resource> }, actions: [ "<action>", ... ]
      },
      ...
  ],
  writeConcern: { <write concern> }
}

Example:

use products
db.runCommand(
   {
     grantPrivilegesToRole: "service",
     privileges: [
         {
           resource: { db: "products", collection: "" }, actions: [ "find" ]
         },
         {
           resource: { db: "products", collection: "system.js" }, actions: [ "find" ]
         }
     ],
     writeConcern: { w: "majority" , wtimeout: 5000 }
   }
)

The above example grants two additional privilages to the service role that exists in the product database.

Next TopicMongoDB Replication Command

← prev next →