Users and roles

Database user roles
- read
- readWrite
Cluster administrator roles
- mdbMonitor
- mdbShardingManager

The data in Managed Service for MongoDB is handled on behalf of the cluster users. To differentiate user access rights, the role model is used. To assign a user specific access rights for the database, grant them the relevant role in this database.

Database user roles

Standard roles available for any user database.

read

Users granted the read role have read access to all the non-system database collections and the system.js collection. Learn more about this role in the MongoDB documentation.

readWrite

Users granted the readWrite role have read and write access to all the non-system database collections and the system.js collection. Learn more about this role in the MongoDB documentation.

Cluster administrator roles

Roles needed for cluster monitoring and administration. Those roles are assigned for the privileged MongoDB admin database.

mdbMonitor

A role for collecting statistics and monitoring. It grants the following rights to the user:

Actions on the cluster as a whole:
- connPoolStats
- getLog
- getParameter
- getShardMap
- hostInfo
- inprog
- listDatabases
- listSessions
- listShards
- netstat
- replSetGetConfig
- replSetGetStatus
- serverStatus
- shardingState
- top
Actions on all databases in a cluster:
Actions with all the system.profile collections in all databases:
- find
Actions with the local and config databases:
- collStats
- dbHash
- dbStats
- find
- getShardVersion
- indexStats
- killCursors
- listCollections
- listIndexes
- planCacheRead
Actions with the system.indexes, system.js, system.namespaces collections of the local and config databases:
- collStats
- dbHash
- dbStats
- find
- killCursors
- listCollections
- listIndexes
- planCacheRead

mdbShardingManager

A role for managing cluster sharding. It grants the following rights to the user:

Actions with the admin database:
- viewRole
Actions with any resource in the cluster:
Actions with the config database:
- find