- Security >
- Security Tutorials >
- User and Role Management Tutorials >
- Verify User Privileges
Verify User Privileges¶
On this page
Overview¶
A user’s privileges determine the access the user has to MongoDB resources and the actions that user can perform. Users receive privileges through role assignments. A user can have multiple roles, and each role can have multiple privileges.
For an overview of roles and privileges, see Authorization.
Prerequisites¶
To view a role’s information, you must be explicitly granted the
role or must have the viewRole
action on the role’s database.
Procedure¶
Connect to MongoDB with the appropriate privileges.¶
Connect to mongod
or mongos
as a user with
the privileges specified in the prerequisite section.
The following procedure uses the siteUserAdmin
created in
Create a User Administrator.
Identify the user’s roles.¶
Use the usersInfo
command or db.getUser()
method to
display user information.
For example, to view roles for reportsUser
created in
Add a User to a Database, issue:
In the returned document, the roles
field displays all roles for reportsUser
:
Identify the privileges granted by the roles.¶
For a given role, use the db.getRole()
method, or the
rolesInfo
command, with the showPrivileges
option:
For example, to view the privileges granted by read
role on
the products
database, use the following operation, issue:
In the returned document, the privileges
and
inheritedPrivileges
arrays. The
privileges
lists the privileges directly
specified by the role and excludes those privileges inherited
from other roles. The inheritedPrivileges
lists all privileges granted by this role, both directly
specified and inherited. If the role does not inherit from other
roles, the two fields are the same.