In Data Management (DMS), you can manage users for MongoDB databases and grant the users the permissions of different roles. The roles are Common operation role, Administrator action role, Instance-level role, Cluster administrator role, Backup and Recovery roles, and Super role.
Prerequisites
- A MongoDB database is used.
- You are a DMS administrator, a database administrator (DBA), or a regular user such as the owner of an instance. For more information, see System roles.
Create a user
Edit or delete a user
- Go to the DMS console V5.0.
- In the left-side navigation pane of the DMS console, right-click the instance that you want to manage and select Account Management.
- On the Account Management page, select the database for which you want to manage a user from the drop-down list.
- On the Account Management page, find the user that you want to manage and click Edit in the Operation column to modify the information about the user, or click Delete in the Operation column to delete the user.
Permissions of different roles
The following table describes the permissions of different roles. For more information, visit the MongoDB official website.
Role | Permission | Description |
---|---|---|
Common operation role | read | Allows a user to query data in the database. |
Common operation role | readWrite | Allows a user to insert, delete, update, or query data in the database. |
Administrator action role | dbAdmin | Allows a user to manage data in the database, but not to read data from or write data to the database. |
Administrator action role | userAdmin | Allows a user to create users for the database. |
Administrator action role | dbOwner | Allows a user to perform all operations on the database. |
Instance-level role | readAnyDatabase | Allows a user to query data in all databases of the instance. |
Instance-level role | readWriteAnyDatabase | Allows a user to insert, delete, update, or query data in all databases of the instance. |
Instance-level role | userAdminAnyDatabase | Allows a user to create users for all databases of the instance. |
Instance-level role | dbAdminAnyDatabase | Allows a user to manage data in all databases of the instance, but not to read data from or write data to the databases. |
Cluster administrator role | hostManager | Allows a user to manage data in the database, but not to read data from or write data to the database. |
Cluster administrator role | clusterMonitor | Allows a user to query clusters and replica sets. |
Cluster administrator role | clusterManager | Allows a user to manage and monitor clusters and replica sets. |
Cluster administrator role | clusterAdmin | Allows a user to perform all operations on clusters. |
Backup and Recovery roles | backup | Allows a user to query data in all databases of the instance. |
Backup and Recovery roles | restore | Allows a user to insert, delete, update, or query data in all databases of the instance. |
Super role | Root | Allows a user to perform all operations on all resources in an instance. |
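
The role groups in the table can be used to review the accounts that already exist on an instance. The following added example (not part of the original page or of DMS) flags users that hold instance-level, cluster, or super roles, and grants that a broader role already covers. The function names, the coverage maps (read off the table's descriptions), and the sample users are assumptions; the input is shaped like the `users` array returned by the MongoDB `usersInfo` command.

```javascript
// Added example. Role names come from the table above; the coverage maps are
// assumptions read off the table's descriptions, not an official MongoDB list.
const INSTANCE_WIDE = new Set(["readAnyDatabase", "readWriteAnyDatabase",
  "userAdminAnyDatabase", "dbAdminAnyDatabase"]);
const CLUSTER = new Set(["hostManager", "clusterMonitor", "clusterManager", "clusterAdmin"]);
// Broader role -> roles it already covers on the same database.
const COVERS_SAME_DB = {
  readWrite: ["read"],
  dbOwner: ["read", "readWrite", "dbAdmin", "userAdmin"],
  clusterAdmin: ["hostManager", "clusterMonitor", "clusterManager"],
};
// Instance-level role -> per-database roles it covers on every database.
const COVERS_ANY_DB = {
  readAnyDatabase: ["read"],
  readWriteAnyDatabase: ["read", "readWrite"],
  userAdminAnyDatabase: ["userAdmin"],
  dbAdminAnyDatabase: ["dbAdmin"],
};

// Return the review findings for one user document ({user, db, roles:[{role, db}]}).
function auditUser(user) {
  const findings = [];
  for (const g of user.roles) {
    if (g.role.toLowerCase() === "root") findings.push(`super role ${g.role}`);
    else if (INSTANCE_WIDE.has(g.role)) findings.push(`instance-level role ${g.role}`);
    else if (CLUSTER.has(g.role)) findings.push(`cluster role ${g.role}`);
    for (const other of user.roles) {
      if (other === g) continue;
      const sameDb = (COVERS_SAME_DB[g.role] || []).includes(other.role) && other.db === g.db;
      const anyDb = (COVERS_ANY_DB[g.role] || []).includes(other.role);
      if (sameDb || anyDb) findings.push(`redundant ${other.role}@${other.db} (covered by ${g.role})`);
    }
  }
  return { user: `${user.user}@${user.db}`, findings };
}

// Keep only the users that have at least one finding.
function auditAll(users) {
  return users.map(auditUser).filter((r) => r.findings.length > 0);
}

// Constructed sample input, shaped like the `users` array of the usersInfo command.
const SAMPLE_USERS = [
  { user: "report", db: "sales", roles: [{ role: "read", db: "sales" }] },
  { user: "app", db: "sales", roles: [{ role: "read", db: "sales" }, { role: "readWrite", db: "sales" }] },
  { user: "etl", db: "admin", roles: [{ role: "readWriteAnyDatabase", db: "admin" }, { role: "readWrite", db: "sales" }] },
  { user: "ops", db: "admin", roles: [{ role: "root", db: "admin" }] },
];
console.log(JSON.stringify(auditAll(SAMPLE_USERS), null, 2));
```

Users with no findings, such as the read-only `report` account in the sample, are omitted from the result.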