Users and roles

The data in Managed Service for MongoDB is handled on behalf of the cluster users. To differentiate user access rights, the role model is used. To assign a user specific access rights for the database, grant them the relevant role in this database.

Database user roles

Standard roles available for any user database.

read

Users granted the read role have read access to all non-system database collections and the system.js collection. Learn more about this role in the MongoDB documentation.

readWrite

Users granted the readWrite role have read and write access to all non-system database collections and the system.js collection. Learn more about this role in the MongoDB documentation.

Cluster administrator roles

Roles needed for cluster monitoring and administration. Those roles are assigned for the privileged MongoDB admin database.

mdbMonitor

A role for collecting statistics and monitoring. It grants the following rights to the user:

• Actions on the cluster as a whole:

  • connPoolStats
  • getLog
  • getParameter
  • getShardMap
  • hostInfo
  • inprog
  • listDatabases
  • listSessions
  • listShards
  • netstat
  • replSetGetConfig
  • replSetGetStatus
  • serverStatus
  • shardingState
  • top

• Actions on all databases in a cluster:

  • collStats
  • dbStats
  • getShardVersion
  • indexStats
  • useUUID

• Actions with all system.profile collections in all databases:

  • find

• Actions with system.indexes, system.js, and system.namespaces collections of the local and config databases:

  • collStats
  • dbHash
  • dbStats
  • find
  • killCursors
  • listCollections
  • listIndexes
  • planCacheRead

mdbShardingManager

A role for managing cluster sharding. It grants the following rights to the user:

• Actions with the admin database:

  • viewRole

• Actions with any resource in the cluster:

  • enableSharding
  • flushRouterConfig
  • getShardVersion
  • getShardMap
  • shardingState
  • moveChunk
  • splitChunk
  • splitVector

• Actions with the config database:

  • find