Verify User Privileges

Overview

A user’s privileges determine the access the user has to MongoDB resources and the actions that user can perform. Users receive privileges through role assignments. A user can have multiple roles, and each role can have multiple privileges.

For an overview of roles and privileges, see Authorization.

Prerequisites

To view a role’s information, you must be explicitly granted the role or must have the viewRole action on the role’s database.

Procedure

1. Identify the user’s roles.

Use the usersInfo command or db.getUser() method to display user information. The roles array specifies the user’s roles.

For example, to view roles for accountUser01 on the accounts database, issue the following:

use accounts
db.getUser("accountUser01")

The roles array displays all roles for accountUser01:

"roles" : [
   {
     "role" : "readWrite",
     "db" : "accounts"
   },
   {
     "role" : "siteRole01",
     "db" : "records"
   }
]

2. Identify the privileges granted by the roles.

For a given role, use the rolesInfo command or db.getRole() method, and include the showPrivileges parameter. The resulting role document displays both privileges granted directly and roles from which this role inherits privileges.

For example, to view the privileges granted by siteRole01 on the records database, use the following operation, which returns a document with a privileges array:

use records
db.getRole( "siteRole01", { showPrivileges: true } )

The returned document includes the roles and privileges arrays:

"roles" : [
   {
       "role" : "read",
       "db" : "corporate"
   }
],
"privileges" : [
   {
       "resource" : {
           "db" : "records",
           "collection" : ""
       },
       "actions" : [
           "find",
           "insert",
           "update"
       ]
   }
]

To view the privileges granted by the read role, use db.getRole() again with the appropriate parameters.
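
The two steps above can be repeated for every inherited role to get the user's complete privilege set. The following is an added example, not code from the MongoDB documentation: the names effectivePrivileges and lookupRole are hypothetical, and the sample role documents are constructed so the block runs without a server.

```javascript
// Added example. lookupRole(role, db) must return the role document with its
// `roles` and `privileges` arrays, or null if the role cannot be found.
// Assumed mongosh wiring for lookupRole:
//   (role, dbName) => db.getSiblingDB(dbName).getRole(role, { showPrivileges: true })
function effectivePrivileges(userDoc, lookupRole) {
  const seen = new Set();     // roles already expanded (handles diamond inheritance)
  const merged = new Map();   // canonical resource -> { resource, actions, grantedBy }
  const unresolved = [];      // roles the lookup could not return
  const queue = [...userDoc.roles];
  while (queue.length > 0) {
    const { role, db } = queue.shift();
    const roleKey = `${role}@${db}`;
    if (seen.has(roleKey)) continue;
    seen.add(roleKey);
    const doc = lookupRole(role, db);
    if (!doc) { unresolved.push(roleKey); continue; }
    for (const priv of doc.privileges || []) {
      // Sort keys so { db, collection } and { collection, db } merge into one entry.
      const resKey = JSON.stringify(priv.resource, Object.keys(priv.resource).sort());
      if (!merged.has(resKey)) {
        merged.set(resKey, { resource: priv.resource, actions: new Set(), grantedBy: new Set() });
      }
      const entry = merged.get(resKey);
      priv.actions.forEach(a => entry.actions.add(a));
      entry.grantedBy.add(roleKey);
    }
    queue.push(...(doc.roles || []));   // follow inherited roles
  }
  const privileges = [...merged.values()].map(e => ({
    resource: e.resource,
    actions: [...e.actions].sort(),
    grantedBy: [...e.grantedBy].sort(),
  }));
  return { privileges, unresolved };
}

// Constructed sample data: role names follow the page; the action lists for the
// built-in read and readWrite roles are abbreviated placeholders, not their real contents.
const SAMPLE_ROLES = {
  "readWrite@accounts": { roles: [], privileges: [
    { resource: { db: "accounts", collection: "" }, actions: ["find", "insert", "update", "remove"] }] },
  "siteRole01@records": { roles: [{ role: "read", db: "corporate" }], privileges: [
    { resource: { db: "records", collection: "" }, actions: ["find", "insert", "update"] }] },
  "read@corporate": { roles: [], privileges: [
    { resource: { db: "corporate", collection: "" }, actions: ["find"] }] },
};
const sampleLookup = (role, db) => SAMPLE_ROLES[`${role}@${db}`] || null;
const SAMPLE_USER = { roles: [{ role: "readWrite", db: "accounts" }, { role: "siteRole01", db: "records" }] };
function auditSampleUser() { return effectivePrivileges(SAMPLE_USER, sampleLookup); }
```

The grantedBy list shows which role contributes each privilege, which is the information needed when trimming a user back to least privilege; any role listed in unresolved has to be checked by hand.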