Users and roles
Data in Managed Service for MongoDB is handled on behalf of cluster users. A role model is used to differentiate user access rights: to give a user specific access rights for a database, grant them the relevant role in that database.
Database user roles
Standard roles available for any user database.
read
Users granted the read role have read access to all non-system database collections and the system.js collection. Learn more about this role in the MongoDB documentation.
readWrite
Users granted the readWrite role have read and write access to all non-system database collections and the system.js collection. Learn more about this role in the MongoDB documentation.
Cluster administrator roles
Roles needed for cluster monitoring and administration. These roles are assigned in the privileged MongoDB admin database.
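A way to review role grants against the model described in this section, shown as an added example that is not part of the service documentation. It assumes user records in the `{ user, roles: [{ role, db }] }` shape that MongoDB's usersInfo command returns; the function name, issue labels, and sample users are hypothetical.

```javascript
// Roles as described on this page; the grouping below is this example's own.
const DATABASE_ROLES = new Set(["read", "readWrite"]);
const CLUSTER_ADMIN_ROLES = new Set(["mdbMonitor", "mdbShardingManager"]);

// users: array of { user, roles: [{ role, db }] } (assumed input shape).
function auditRoleGrants(users) {
  const findings = [];
  for (const { user, roles = [] } of users) {
    const byDb = new Map(); // db name -> Set of roles granted there
    for (const { role, db } of roles) {
      if (!byDb.has(db)) byDb.set(db, new Set());
      byDb.get(db).add(role);
      if (CLUSTER_ADMIN_ROLES.has(role) && db !== "admin") {
        // Cluster administrator roles belong in the admin database only.
        findings.push({ user, db, role, issue: "cluster-role-outside-admin" });
      } else if (!CLUSTER_ADMIN_ROLES.has(role) && !DATABASE_ROLES.has(role)) {
        // Not one of the roles covered here: needs a manual review.
        findings.push({ user, db, role, issue: "role-not-in-reviewed-set" });
      }
    }
    for (const [db, granted] of byDb) {
      // readWrite already covers everything read grants on the same database.
      if (granted.has("read") && granted.has("readWrite")) {
        findings.push({ user, db, role: "read", issue: "redundant-with-readWrite" });
      }
    }
  }
  return findings;
}

// Constructed sample data (not from a real cluster).
const SAMPLE_USERS = [
  { user: "app", roles: [{ role: "readWrite", db: "orders" }] },
  { user: "report", roles: [{ role: "read", db: "orders" }, { role: "readWrite", db: "orders" }] },
  { user: "metrics", roles: [{ role: "mdbMonitor", db: "orders" }] },
  { user: "ops", roles: [{ role: "mdbShardingManager", db: "admin" }, { role: "dbOwner", db: "orders" }] },
];

console.log(auditRoleGrants(SAMPLE_USERS));
```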
mdbMonitor
A role for collecting statistics and monitoring. It grants the following rights to the user:
- Actions on the cluster as a whole:
- Actions on all databases in a cluster:
- Actions with all system.profile collections in all databases:
- Actions with system.indexes, system.js, and system.namespaces collections of the local and config databases:
mdbShardingManager
A role for managing cluster sharding. It grants the following rights to the user: