Users and roles in Managed Service for MongoDB
The data in Managed Service for MongoDB is handled on behalf of the cluster users. To differentiate user access rights, the role model
Database user roles
These are regular roles available to any user database.
read
The users granted the read
role have the read access to all non-system database collections and the system.js
readWrite
The users granted the readWrite
role have the write and read access to all non-system database collections and the system.js
mdbDbAdmin
This is the database administrator role that grants the user all readWrite role permissions, as well as the permissions required for database administration:
- collMod
- planCacheWrite
- planCacheRead
- planCacheIndexFilter (which allows you to use the planCacheListFilters
, planCacheClearFilters , and planCacheSetFilter commands) - bypassDocumentValidation
Cluster administrator roles
These roles are required for cluster monitoring and administration. They are assigned for the privileged MongoDB admin
mdbMonitor
This role is required for collecting statistics and monitoring. It grants the following permissions to the user:
-
Working with the cluster:
-
Working with all databases in the cluster:
-
Working with all system.profile
collections in all databases: -
Working with the system.indexes
, system.js , and system.namespaces collections of the local and config databases:
mdbShardingManager
This role is used for managing cluster sharding. It grants the following permissions to the user: