Privilege Actions¶

New in version 2.6.

On this page

Query and Write Actions
Database Management Actions
Deployment Management Actions
Replication Actions
Sharding Actions
Server Administration Actions
Diagnostic Actions
Internal Actions

Privilege actions define the operations a user can perform on a resource. A MongoDB privilege comprises a resource and the permitted actions. This page lists available actions grouped by common purpose.

MongoDB provides built-in roles with pre-defined pairings of resources and permitted actions. For lists of the actions granted, see Built-In Roles. To define custom roles, see Create a User-Defined Role.

Query and Write Actions¶

find¶: User can perform the db.collection.find() method. Apply this action to database or collection resources.

insert¶: User can perform the insert command. Apply this action to database or collection resources.

remove¶: User can perform the db.collection.remove() method. Apply this action to database or collection resources.

update¶: User can perform the update command. Apply this action to database or collection resources.

bypassDocumentValidation¶: New in version 3.2.

User can bypass document validation on commands that support the bypassDocumentValidation option. For a list of commands that support the bypassDocumentValidation option, see Document Validation. Apply this action to database or collection resources.

Database Management Actions¶

changeCustomData¶: User can change the custom information of any user in the given database. Apply this action to database resources.

changeOwnCustomData¶: Users can change their own custom information. Apply this action to database resources. See also Change Your Password and Custom Data.

changeOwnPassword¶: Users can change their own passwords. Apply this action to database resources. See also Change Your Password and Custom Data.

changePassword¶: User can change the password of any user in the given database. Apply this action to database resources.

createCollection¶: User can perform the db.createCollection() method. Apply this action to database or collection resources.

createIndex¶: Provides access to the db.collection.createIndex() method and the createIndexes command. Apply this action to database or collection resources.

createRole¶: User can create new roles in the given database. Apply this action to database resources.

createUser¶: User can create new users in the given database. Apply this action to database resources.

dropCollection¶: User can perform the db.collection.drop() method. Apply this action to database or collection resources.

dropRole¶: User can delete any role from the given database. Apply this action to database resources.

dropUser¶: User can remove any user from the given database. Apply this action to database resources.

emptycapped¶: User can perform the emptycapped command. Apply this action to database or collection resources.

enableProfiler¶: User can perform the db.setProfilingLevel() method. Apply this action to database resources.

grantRole¶: User can grant any role in the database to any user from any database in the system. Apply this action to database resources.

killCursors¶: User can kill cursors on the target collection.

revokeRole¶: User can remove any role from any user from any database in the system. Apply this action to database resources.

unlock¶: User can perform the db.fsyncUnlock() method. Apply this action to the cluster resource.

viewRole¶: User can view information about any role in the given database. Apply this action to database resources.

viewUser¶: User can view the information of any user in the given database. Apply this action to database resources.

Deployment Management Actions¶

authSchemaUpgrade¶: User can perform the authSchemaUpgrade command. Apply this action to the cluster resource.

cleanupOrphaned¶: User can perform the cleanupOrphaned command. Apply this action to the cluster resource.

cpuProfiler¶: User can enable and use the CPU profiler. Apply this action to the cluster resource.

inprog¶: User can use the db.currentOp() method to return pending and active operations. Apply this action to the cluster resource.

invalidateUserCache¶: Provides access to the invalidateUserCache command. Apply this action to the cluster resource.

killop¶: User can perform the db.killOp() method. Apply this action to the cluster resource.

planCacheRead¶: User can perform the planCacheListPlans and planCacheListQueryShapes commands and the PlanCache.getPlansByQuery() and PlanCache.listQueryShapes() methods. Apply this action to database or collection resources.

planCacheWrite¶: User can perform the planCacheClear command and the PlanCache.clear() and PlanCache.clearPlansByQuery() methods. Apply this action to database or collection resources.

storageDetails¶: User can perform the storageDetails command. Apply this action to database or collection resources.

Replication Actions¶

appendOplogNote¶: User can append notes to the oplog. Apply this action to the cluster resource.

replSetConfigure¶: User can configure a replica set. Apply this action to the cluster resource.

replSetGetStatus¶: User can perform the replSetGetStatus command. Apply this action to the cluster resource.

replSetHeartbeat¶: User can perform the replSetHeartbeat command. Apply this action to the cluster resource.

replSetStateChange¶: User can change the state of a replica set through the replSetFreeze, replSetMaintenance, replSetStepDown, and replSetSyncFrom commands. Apply this action to the cluster resource.

resync¶: User can perform the resync command. Apply this action to the cluster resource.

Sharding Actions¶

addShard¶: User can perform the addShard command. Apply this action to the cluster resource.

enableSharding¶: User can enable sharding on a database using the enableSharding command and can shard a collection using the shardCollection command. Apply this action to database or collection resources.

flushRouterConfig¶: User can perform the flushRouterConfig command. Apply this action to the cluster resource.

getShardMap¶: User can perform the getShardMap command. Apply this action to the cluster resource.

getShardVersion¶: User can perform the getShardVersion command. Apply this action to database resources.

listShards¶: User can perform the listShards command. Apply this action to the cluster resource.

moveChunk¶: User can perform the moveChunk command. In addition, user can perform the movePrimary command provided that the privilege is applied to an appropriate database resource. Apply this action to database or collection resources.

removeShard¶: User can perform the removeShard command. Apply this action to the cluster resource.

shardingState¶: User can perform the shardingState command. Apply this action to the cluster resource.

splitChunk¶: User can perform the splitChunk command. Apply this action to database or collection resources.

splitVector¶: User can perform the splitVector command. Apply this action to database or collection resources.

Server Administration Actions¶

applicationMessage¶: User can perform the logApplicationMessage command. Apply this action to the cluster resource.

closeAllDatabases¶: User can perform the closeAllDatabases command. Apply this action to the cluster resource.

collMod¶: User can perform the collMod command. Apply this action to database or collection resources.

compact¶: User can perform the compact command. Apply this action to database or collection resources.

connPoolSync¶: User can perform the connPoolSync command. Apply this action to the cluster resource.

convertToCapped¶: User can perform the convertToCapped command. Apply this action to database or collection resources.

dropDatabase¶: User can perform the dropDatabase command. Apply this action to database resources.

dropIndex¶: User can perform the dropIndexes command. Apply this action to database or collection resources.

fsync¶: User can perform the fsync command. Apply this action to the cluster resource.

getParameter¶: User can perform the getParameter command. Apply this action to the cluster resource.

hostInfo¶: Provides information about the server the MongoDB instance runs on. Apply this action to the cluster resource.

logRotate¶: User can perform the logRotate command. Apply this action to the cluster resource.

reIndex¶: User can perform the reIndex command. Apply this action to database or collection resources.

renameCollectionSameDB¶

Allows the user to rename collections on the current database using the renameCollection command. Apply this action to database resources.

Additionally, the user must either have find on the source collection or not have find on the destination collection.

If a collection with the new name already exists, the user must also have the dropCollection action on the destination collection.

repairDatabase¶: User can perform the repairDatabase command. Apply this action to database resources.

setParameter¶: User can perform the setParameter command. Apply this action to the cluster resource.

shutdown¶: User can perform the shutdown command. Apply this action to the cluster resource.

touch¶: User can perform the touch command. Apply this action to the cluster resource.

Diagnostic Actions¶

collStats¶: User can perform the collStats command. Apply this action to database or collection resources.

connPoolStats¶: User can perform the connPoolStats and shardConnPoolStats commands. Apply this action to the cluster resource.

cursorInfo¶: User can perform the cursorInfo command. Apply this action to the cluster resource.

dbHash¶: User can perform the dbHash command. Apply this action to database or collection resources.

dbStats¶: User can perform the dbStats command. Apply this action to database resources.

diagLogging¶: User can perform the diagLogging command. Apply this action to the cluster resource.

getCmdLineOpts¶: User can perform the getCmdLineOpts command. Apply this action to the cluster resource.

getLog¶: User can perform the getLog command. Apply this action to the cluster resource.

indexStats¶: User can perform the indexStats command. Apply this action to database or collection resources.

Changed in version 3.0: MongoDB 3.0 removes the indexStats command.

listDatabases¶: User can perform the listDatabases command. Apply this action to the cluster resource.

listCollections¶: User can perform the listCollections command. Apply this action to database resources.

listIndexes¶: User can perform the ListIndexes command. Apply this action to database or collection resources.

netstat¶: User can perform the netstat command. Apply this action to the cluster resource.

serverStatus¶: User can perform the serverStatus command. Apply this action to the cluster resource.

validate¶: User can perform the validate command. Apply this action to database or collection resources.

top¶: User can perform the top command. Apply this action to the cluster resource.

Internal Actions¶

anyAction¶: Allows any action on a resource. Do not assign this action except for exceptional circumstances.

internal¶: Allows internal actions. Do not assign this action except for exceptional circumstances.

← Resource Document System Event Audit Messages →

Was this page helpful?

Yes No

Thank you for your feedback!

We're sorry! You can Report a Problem to help us improve this page.