In Data Management (DMS), you can manage users for MongoDB databases and grant the users the permissions of different roles. The roles are Common operation role, Administrator action role, Instance-level role, Cluster administrator role, Backup and Recovery roles, and Super role.
Prerequisites
- A MongoDB database is registered in DMS.
- You are assigned a required role for the MySQL database instance that is registered in DMS. The role varies based on the control mode of the instance. The following table describes the details.

Control mode | Role requirement |
---|---|
Security Collaboration | You must be a DMS administrator, a database administrator (DBA), or the owner of the relevant database instance. |
Stable Change | No specific role is required. |
Flexible Management | No specific role is required. |
Create a user
Edit a user
Delete a user
- Log on to the DMS console.
- In the search box at the top of the left-side navigation pane, enter the name of the MySQL database whose permissions you want to manage. From the matched result, find the instance to which the database belongs.
- Right-click the instance and select Account Management.
- On the Account Management page, select a database from the drop-down list.
- Find the user who you want to delete and click Delete in the Operation column.
- In the Prompt message, click OK.
Permissions of different roles
The following table describes the permissions of different roles. For more information, see the MongoDB official website.
Role | Permission | Description |
---|---|---|
Common operation role | read | Enables a user to query data in the database. |
Common operation role | readWrite | Enables a user to insert, delete, update, or query data in the database. |
Administrator action role | dbAdmin | Enables a user to manage data in the database, but not to read data from or write data to the database. |
Administrator action role | userAdmin | Enables a user to create users for the database. |
Administrator action role | dbOwner | Enables a user to perform all operations on the database. |
Instance-level role | readAnyDatabase | Enables a user to query data in all databases of the instance. |
Instance-level role | readWriteAnyDatabase | Enables a user to insert, delete, update, or query data in all databases of the instance. |
Instance-level role | userAdminAnyDatabase | Enables a user to create users for all databases of the instance. |
Instance-level role | dbAdminAnyDatabase | Enables a user to manage data in all databases of the instance, but not to read data from or write data to the databases. |
Cluster administrator role | hostManager | Enables a user to manage data in the database, but not to read data from or write data to the database. |
Cluster administrator role | clusterMonitor | Enables a user to query clusters and replication sets. |
Cluster administrator role | clusterManager | Enables a user to manage and monitor clusters and replication sets. |
Cluster administrator role | clusterAdmin | Enables a user to perform all operations on clusters. |
Backup and Recovery roles | backup | Enables a user to query data in all databases of the instance. |
Backup and Recovery roles | restore | Enables a user to insert, delete, update, or query data in all databases of the instance. |
Super role | Root | Enables a user to perform all operations on all resources in an instance. |
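
The following is an added example, not DMS or MongoDB code: a least-privilege check that classifies each granted role by the categories in the table above and flags grants whose scope exceeds one database or that allow the holder to grant roles. The input shape follows the `users` array of MongoDB's `usersInfo` output; the function names, the sample users, and the custom role `salesEtl` are constructed for illustration.

```javascript
// Role categories as listed in the table above. MongoDB's built-in super
// role is named "root" (lowercase); the table's "Root" is matched as well.
const CATEGORIES = {
  "Common operation": ["read", "readWrite"],
  "Administrator action": ["dbAdmin", "userAdmin", "dbOwner"],
  "Instance-level": ["readAnyDatabase", "readWriteAnyDatabase",
                     "userAdminAnyDatabase", "dbAdminAnyDatabase"],
  "Cluster administrator": ["hostManager", "clusterMonitor",
                            "clusterManager", "clusterAdmin"],
  "Backup and Recovery": ["backup", "restore"],
  "Super": ["root", "Root"],
};
// Roles that can grant roles, so the holder can raise their own privileges.
const CAN_GRANT = new Set(["userAdmin", "userAdminAnyDatabase", "dbOwner"]);
// Categories whose scope is wider than a single database.
const WIDE = new Set(["Instance-level", "Cluster administrator",
                      "Backup and Recovery", "Super"]);

function categoryOf(role) {
  for (const [cat, roles] of Object.entries(CATEGORIES)) if (roles.includes(role)) return cat;
  return null;
}

// users: array shaped like the "users" field of MongoDB's usersInfo result.
function auditUsers(users) {
  const findings = [];
  for (const u of users) {
    for (const { role, db } of u.roles || []) {
      const cat = categoryOf(role);
      const reasons = [];
      if (cat === null) reasons.push("not a role from the table; review its privileges");
      else if (WIDE.has(cat)) reasons.push(`${cat} role: scope exceeds one database`);
      if (CAN_GRANT.has(role)) reasons.push("can grant roles, including to itself");
      if (reasons.length) findings.push({ user: `${u.db}.${u.user}`, role, db, reasons });
    }
  }
  return findings;
}

// Constructed sample input (not taken from a real instance).
const SAMPLE_USERS = [
  { user: "report_ro", db: "sales", roles: [{ role: "read", db: "sales" }] },
  { user: "app_rw", db: "sales", roles: [{ role: "readWrite", db: "sales" },
                                          { role: "userAdmin", db: "sales" }] },
  { user: "ops", db: "admin", roles: [{ role: "readWriteAnyDatabase", db: "admin" },
                                       { role: "root", db: "admin" }] },
  { user: "etl", db: "sales", roles: [{ role: "salesEtl", db: "sales" }] },
];
```

Running `auditUsers(SAMPLE_USERS)` leaves `report_ro` unflagged and returns one finding each for the `userAdmin` grant, the two instance-wide grants of `ops`, and the custom role.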