Privilege Actions
New in version 2.6.
Privilege actions define the operations a user can perform on a resource. A MongoDB privilege comprises a resource and the permitted actions. This page lists available actions grouped by common purpose.
MongoDB provides built-in roles with pre-defined pairings of resources and permitted actions. For lists of the actions granted, see Built-In Roles. To define custom roles, see Create a User-Defined Role.
Query and Write Actions
- find
  User can perform the db.collection.find() method. Apply this action to database or collection resources.
- remove
  User can perform the db.collection.remove() method. Apply this action to database or collection resources.
Database Management Actions
- changeCustomData
  User can change the custom information of any user in the given database. Apply this action to database resources.
- changeOwnCustomData
  Users can change their own custom information. Apply this action to database resources. See also Change Your Password and Custom Data.
- changeOwnPassword
  Users can change their own passwords. Apply this action to database resources. See also Change Your Password and Custom Data.
- changePassword
  User can change the password of any user in the given database. Apply this action to database resources.
- createCollection
  User can perform the db.createCollection() method. Apply this action to database or collection resources.
- createIndex
  Provides access to the db.collection.createIndex() method and the createIndexes command. Apply this action to database or collection resources.
- createRole
  User can create new roles in the given database. Apply this action to database resources.
- createUser
  User can create new users in the given database. Apply this action to database resources.
- dropCollection
  User can perform the db.collection.drop() method. Apply this action to database or collection resources.
- dropRole
  User can delete any role from the given database. Apply this action to database resources.
- dropUser
  User can remove any user from the given database. Apply this action to database resources.
- emptycapped
  User can perform the emptycapped command. Apply this action to database or collection resources.
- enableProfiler
  User can perform the db.setProfilingLevel() method. Apply this action to database resources.
- grantRole
  User can grant any role in the database to any user from any database in the system. Apply this action to database resources.
- killCursors
  User can kill cursors on the target collection.
- revokeRole
  User can remove any role from any user from any database in the system. Apply this action to database resources.
- unlock
  User can perform the db.fsyncUnlock() method. Apply this action to the cluster resource.
- viewRole
  User can view information about any role in the given database. Apply this action to database resources.
- viewUser
  User can view the information of any user in the given database. Apply this action to database resources.
Deployment Management Actions
- authSchemaUpgrade
  User can perform the authSchemaUpgrade command. Apply this action to the cluster resource.
- cleanupOrphaned
  User can perform the cleanupOrphaned command. Apply this action to the cluster resource.
- cpuProfiler
  User can enable and use the CPU profiler. Apply this action to the cluster resource.
- inprog
  User can use the db.currentOp() method to return pending and active operations. Apply this action to the cluster resource.
- invalidateUserCache
  Provides access to the invalidateUserCache command. Apply this action to the cluster resource.
- killop
  User can perform the db.killOp() method. Apply this action to the cluster resource.
- planCacheRead
  User can perform the planCacheListPlans and planCacheListQueryShapes commands and the PlanCache.getPlansByQuery() and PlanCache.listQueryShapes() methods. Apply this action to database or collection resources.
- planCacheWrite
  User can perform the planCacheClear command and the PlanCache.clear() and PlanCache.clearPlansByQuery() methods. Apply this action to database or collection resources.
- storageDetails
  User can perform the storageDetails command. Apply this action to database or collection resources.
Replication Actions
- appendOplogNote
  User can append notes to the oplog. Apply this action to the cluster resource.
- replSetConfigure
  User can configure a replica set. Apply this action to the cluster resource.
- replSetGetStatus
  User can perform the replSetGetStatus command. Apply this action to the cluster resource.
- replSetHeartbeat
  User can perform the replSetHeartbeat command. Apply this action to the cluster resource.
- replSetStateChange
  User can change the state of a replica set through the replSetFreeze, replSetMaintenance, replSetStepDown, and replSetSyncFrom commands. Apply this action to the cluster resource.
Sharding Actions
- enableSharding
  User can enable sharding on a database using the enableSharding command and can shard a collection using the shardCollection command. Apply this action to database or collection resources.
- flushRouterConfig
  User can perform the flushRouterConfig command. Apply this action to the cluster resource.
- getShardMap
  User can perform the getShardMap command. Apply this action to the cluster resource.
- getShardVersion
  User can perform the getShardVersion command. Apply this action to database resources.
- listShards
  User can perform the listShards command. Apply this action to the cluster resource.
- moveChunk
  User can perform the moveChunk command. In addition, user can perform the movePrimary command provided that the privilege is applied to an appropriate database resource. Apply this action to database or collection resources.
- removeShard
  User can perform the removeShard command. Apply this action to the cluster resource.
- shardingState
  User can perform the shardingState command. Apply this action to the cluster resource.
- splitChunk
  User can perform the splitChunk command. Apply this action to database or collection resources.
- splitVector
  User can perform the splitVector command. Apply this action to database or collection resources.
Server Administration Actions
- applicationMessage
  User can perform the logApplicationMessage command. Apply this action to the cluster resource.
- closeAllDatabases
  User can perform the closeAllDatabases command. Apply this action to the cluster resource.
- collMod
  User can perform the collMod command. Apply this action to database or collection resources.
- compact
  User can perform the compact command. Apply this action to database or collection resources.
- connPoolSync
  User can perform the connPoolSync command. Apply this action to the cluster resource.
- convertToCapped
  User can perform the convertToCapped command. Apply this action to database or collection resources.
- dropDatabase
  User can perform the dropDatabase command. Apply this action to database resources.
- dropIndex
  User can perform the dropIndexes command. Apply this action to database or collection resources.
- getParameter
  User can perform the getParameter command. Apply this action to the cluster resource.
- hostInfo
  Provides information about the server the MongoDB instance runs on. Apply this action to the cluster resource.
- reIndex
  User can perform the reIndex command. Apply this action to database or collection resources.
- renameCollectionSameDB
  Allows the user to rename collections on the current database using the renameCollection command. Apply this action to database resources.
  Additionally, the user must either have find on the source collection or not have find on the destination collection.
  If a collection with the new name already exists, the user must also have the dropCollection action on the destination collection.
- repairDatabase
  User can perform the repairDatabase command. Apply this action to database resources.
- setParameter
  User can perform the setParameter command. Apply this action to the cluster resource.
Diagnostic Actions
- collStats
  User can perform the collStats command. Apply this action to database or collection resources.
- connPoolStats
  User can perform the connPoolStats and shardConnPoolStats commands. Apply this action to the cluster resource.
- cursorInfo
  User can perform the cursorInfo command. Apply this action to the cluster resource.
- diagLogging
  User can perform the diagLogging command. Apply this action to the cluster resource.
- getCmdLineOpts
  User can perform the getCmdLineOpts command. Apply this action to the cluster resource.
- indexStats
  User can perform the indexStats command. Apply this action to database or collection resources.
  Changed in version 3.0: MongoDB 3.0 removes the indexStats command.
- listDatabases
  User can perform the listDatabases command. Apply this action to the cluster resource.
- listCollections
  User can perform the listCollections command. Apply this action to database resources.
- listIndexes
  User can perform the listIndexes command. Apply this action to database or collection resources.
- serverStatus
  User can perform the serverStatus command. Apply this action to the cluster resource.
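The resource scopes given for each action on this page can be checked mechanically when reviewing a custom role. The following is an added example, not part of the MongoDB documentation: it lints a role's privileges against a subset of the page's "Apply this action to ..." sentences. The role, database and collection names are constructed, and the resource document shapes ({ cluster: true } and { db, collection }) are assumed from MongoDB's resource document format.

```javascript
// Added example (not MongoDB's code): check a role's privileges against the
// "Apply this action to ..." scopes on this page. SCOPE covers a subset only.
const SCOPE = {
  find: "dbOrColl", remove: "dbOrColl", createIndex: "dbOrColl",
  dropCollection: "dbOrColl", collStats: "dbOrColl", listIndexes: "dbOrColl",
  createUser: "database", createRole: "database", grantRole: "database",
  revokeRole: "database", changePassword: "database", dropDatabase: "database",
  listCollections: "database", viewUser: "database",
  serverStatus: "cluster", listDatabases: "cluster", inprog: "cluster",
  killop: "cluster", setParameter: "cluster", replSetConfigure: "cluster",
  listShards: "cluster", removeShard: "cluster",
};
// Resource kinds that satisfy each scope label.
const ALLOWED = { cluster: ["cluster"], database: ["database"],
                  dbOrColl: ["database", "collection"] };

// Classify a privilege's resource document (assumed shapes, see lead-in).
function resourceKind(resource) {
  if (resource && resource.cluster === true) return "cluster";
  const coll = resource ? resource.collection : "";
  // { db: "...", collection: "" } names a whole database.
  return typeof coll === "string" && coll !== "" ? "collection" : "database";
}

// Return one finding per action whose resource does not match the page's scope.
function lintPrivileges(privileges) {
  const findings = [];
  privileges.forEach((priv, index) => {
    const kind = resourceKind(priv.resource);
    for (const action of priv.actions || []) {
      const known = Object.prototype.hasOwnProperty.call(SCOPE, action);
      if (!known) {
        findings.push({ index, action, issue: "action not in table" });
      } else if (!ALLOWED[SCOPE[action]].includes(kind)) {
        findings.push({ index, action, issue: `expects ${SCOPE[action]}, got ${kind}` });
      }
    }
  });
  return findings;
}

// Constructed role (hypothetical names) in the shape db.createRole() accepts.
const sampleRole = { role: "reportReader", roles: [], privileges: [
  { resource: { db: "reports", collection: "daily" }, actions: ["find", "grantRole"] },
  { resource: { db: "reports", collection: "" }, actions: ["listCollections", "serverStatus"] },
  { resource: { cluster: true }, actions: ["listDatabases", "find"] },
] };
console.log(lintPrivileges(sampleRole.privileges));
```

A finding means only that the privilege does not follow the scope this page gives for the action; actions missing from the table are reported separately so that they are reviewed by hand.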