{ createRole: "<new role>", privileges: [ { resource: { <resource> }, actions: [ "<action>", ... ] }, ... ], roles: [ { role: "<role>", db: "<database>" } | "<role>", ... ], authenticationRestrictions: [ { clientSource: ["<IP>" | "<CIDR range>", ...], serverAddress: ["<IP>" | "<CIDR range>", ...] }, ... ], writeConcern: <write concern document> }
字段 | 类型 | 说明 |
createRole | string | createRole字段包含新角色的名称。 |
privileges | array | 它包含授予角色的特权。如果您不想指定任何角色,请将其留空。 |
roles | array | 它包含用于将角色分配给用户的角色数组。 |
authentication Restrictions |
array | "身份验证限制"字段限制服务器强制执行角色。 |
writeConcern | document | 这是应用于此操作的写关注级别。 |
db.adminCommand({ createRole: "lidihuoAdmin", privileges: [ { resource: { cluster: true }, actions: [ "addShard" ] }, { resource: { db: "config", collection: "" }, actions: [ "find", "update", "insert", "remove" ] }, { resource: { db: "users", collection: "usersCollection" }, actions: [ "update", "insert", "remove" ] }, { resource: { db: "", collection: "" }, actions: [ "find" ] } ], roles: [ { role: "read", db: "admin" } ], writeConcern: { w: "majority" , wtimeout: 5000 } })
{ dropRole: "<role>", writeConcern: { <write concern> } } Example: this example remove the readPrice role from the products database. use products db.runCommand( { dropRole: "readPrices", writeConcern: { w: "majority" } } )
{ updateRole: "<role>", privileges: [ { resource: { <resource> }, actions: [ "<action>", ... ] }, ... ], roles: [ { role: "<role>", db: "<database>" } | "<role>", ... ], authenticationRestrictions: [ { clientSource: ["<IP>" | "<CIDR range>", ...], serverAddress: ["<IP>", ...] }, ... ] writeConcern: <write concern document> }
db.adminCommand( { updateRole: "myClusterwideAdmin", privileges: [ { resource: { db: "", collection: "" }, actions: [ "find" , "update", "insert", "remove" ] } ], roles: [ { role: "dbAdminAnyDatabase", db: "admin" } ], writeConcern: { w: "majority" } } )
{ grantPrivilegesToRole: "<role>", privileges: [ { resource: { <resource> }, actions: [ "<action>", ... ] }, ... ], writeConcern: { <write concern> } }
use products db.runCommand( { grantPrivilegesToRole: "service", privileges: [ { resource: { db: "products", collection: "" }, actions: [ "find" ] }, { resource: { db: "products", collection: "system.js" }, actions: [ "find" ] } ], writeConcern: { w: "majority" , wtimeout: 5000 } } )