1.创建角色
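// Create a user-defined role in the admin database. A role that targets the
// cluster resource or a database other than its own has to live in admin.
use admin
db.createRole(
    {
        role: "myRole",
        privileges: [
            // Cluster-scoped action: permits adding shards to the cluster.
            { resource: { cluster: true }, actions: [ "addShard" ] },
            // collection: "" means every non-system collection of "local".
            // NOTE(review): "local" holds replication data such as the oplog;
            // confirm that insert/remove there is really required before
            // granting it, and prefer naming the exact collection.
            { resource: { db: "local", collection: "" }, actions: [ "insert", "remove" ] }
        ],
        // Inherited roles: everything "read" on admin allows is included.
        roles: [
            { role: "read", db: "admin" }
        ]
    },
    // The documented helper signature is db.createRole(role, writeConcern):
    // the write concern is passed as the second argument, not as a field of
    // the role document, where a shell helper may ignore or overwrite it.
    { w: "majority", wtimeout: 5000 }
)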
2.删除角色
// Delete a single user-defined role from the current database.
db.dropRole("myRole");

// CAUTION: deletes EVERY user-defined role in the current database, not just
// "myRole". Users who depended on those roles lose the matching privileges,
// so list the roles with db.getAllRoles() before running this.
db.dropAllRoles();
3.获取角色详细信息
// Inspect roles of the current database; useful when auditing what a role
// can actually do.

// Role inheritance information for one role (privileges are not listed here).
db.getRole("myRole");

// Every user-defined role of the current database.
db.getAllRoles();

// Same lookup through the underlying rolesInfo command.
db.runCommand({ rolesInfo: "myRole" });

// showPrivileges adds the role's own and inherited privileges to the output,
// which is the view to review when checking for over-broad grants.
db.runCommand({ rolesInfo: "myRole", showPrivileges: 1 });
4.授予权限给角色
// Add privileges to an existing user-defined role. Arguments: role name,
// array of privilege documents, write concern.
db.grantPrivilegesToRole(
    "myRole",
    [
        // collection: "" covers every non-system collection of "admin";
        // name a single collection when the role does not need all of them.
        { resource: { db: "admin", collection: "" }, actions: [ "find" ] }
    ],
    { w: "majority" }
)
5.将权限从角色收回
// Remove privileges from a user-defined role. Arguments mirror the grant
// call: role name, array of privilege documents, write concern.
db.revokePrivilegesFromRole(
    "myRole",
    [
        // NOTE(review): the resource document here is the same one used in
        // the grant example; verify the result with rolesInfo/showPrivileges
        // after revoking.
        { resource: { db: "admin", collection: "" }, actions: [ "find" ] }
    ],
    { w: "majority" }
)
6.授予角色给角色
// Make "myRole" inherit from other roles. A role given as a bare string is
// looked up in the database the command runs on.
db.grantRolesToRole(
    "myRole",
    [
        // CAUTION: userAdmin can grant any role or privilege to any user,
        // including its own holder. When the current database is admin this
        // indirectly amounts to superuser access, so grant it sparingly.
        "userAdmin",
        "dbAdmin"
    ],
    { w: "majority", wtimeout: 5000 }
)
7.将角色从角色收回
// Stop "myRole" from inheriting the listed roles. Only the named roles are
// removed; any other inherited role stays in place.
db.revokeRolesFromRole(
    "myRole",
    [ "userAdmin" ],
    { w: "majority", wtimeout: 5000 }
)
8.更新角色(会覆盖)
// Update a user-defined role. This REPLACES rather than merges: each array
// supplied below completely overwrites the role's previous value for that
// field, so include everything the role must keep.
db.updateRole(
    "myRole",
    {
        // If this field is omitted the existing privileges are kept;
        // if it is present, it replaces the previous privileges.
        privileges: [
            {
                // NOTE(review): system.indexes is a system collection;
                // confirm it exists on the target server version.
                resource: { db:"admin", collection:"system.indexes" },
                actions: [ "update", "createCollection", "createIndex"]
            }
        ],
        // If this field is omitted the existing inherited roles are kept;
        // if it is present, it replaces the previously inherited roles.
        roles: [
            { role: "read", db: "admin" }
        ]
    },
    { w:"majority" }
)
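// Create a user-defined role in the admin database. A role that targets the
// cluster resource or a database other than its own has to live in admin.
use admin
db.createRole(
    {
        role: "myRole",
        privileges: [
            // Cluster-scoped action: permits adding shards to the cluster.
            { resource: { cluster: true }, actions: [ "addShard" ] },
            // collection: "" means every non-system collection of "local".
            // NOTE(review): "local" holds replication data such as the oplog;
            // confirm that insert/remove there is really required before
            // granting it, and prefer naming the exact collection.
            { resource: { db: "local", collection: "" }, actions: [ "insert", "remove" ] }
        ],
        // Inherited roles: everything "read" on admin allows is included.
        roles: [
            { role: "read", db: "admin" }
        ]
    },
    // The documented helper signature is db.createRole(role, writeConcern):
    // the write concern is passed as the second argument, not as a field of
    // the role document, where a shell helper may ignore or overwrite it.
    { w: "majority", wtimeout: 5000 }
)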
2.删除角色
// Delete a single user-defined role from the current database.
db.dropRole("myRole");

// CAUTION: deletes EVERY user-defined role in the current database, not just
// "myRole". Users who depended on those roles lose the matching privileges,
// so list the roles with db.getAllRoles() before running this.
db.dropAllRoles();
3.获取角色详细信息
// Inspect roles of the current database; useful when auditing what a role
// can actually do.

// Role inheritance information for one role (privileges are not listed here).
db.getRole("myRole");

// Every user-defined role of the current database.
db.getAllRoles();

// Same lookup through the underlying rolesInfo command.
db.runCommand({ rolesInfo: "myRole" });

// showPrivileges adds the role's own and inherited privileges to the output,
// which is the view to review when checking for over-broad grants.
db.runCommand({ rolesInfo: "myRole", showPrivileges: 1 });
4.授予权限给角色
// Add privileges to an existing user-defined role. Arguments: role name,
// array of privilege documents, write concern.
db.grantPrivilegesToRole(
    "myRole",
    [
        // collection: "" covers every non-system collection of "admin";
        // name a single collection when the role does not need all of them.
        { resource: { db: "admin", collection: "" }, actions: [ "find" ] }
    ],
    { w: "majority" }
)
5.将权限从角色收回
// Remove privileges from a user-defined role. Arguments mirror the grant
// call: role name, array of privilege documents, write concern.
db.revokePrivilegesFromRole(
    "myRole",
    [
        // NOTE(review): the resource document here is the same one used in
        // the grant example; verify the result with rolesInfo/showPrivileges
        // after revoking.
        { resource: { db: "admin", collection: "" }, actions: [ "find" ] }
    ],
    { w: "majority" }
)
6.授予角色给角色
// Make "myRole" inherit from other roles. A role given as a bare string is
// looked up in the database the command runs on.
db.grantRolesToRole(
    "myRole",
    [
        // CAUTION: userAdmin can grant any role or privilege to any user,
        // including its own holder. When the current database is admin this
        // indirectly amounts to superuser access, so grant it sparingly.
        "userAdmin",
        "dbAdmin"
    ],
    { w: "majority", wtimeout: 5000 }
)
7.将角色从角色收回
// Stop "myRole" from inheriting the listed roles. Only the named roles are
// removed; any other inherited role stays in place.
db.revokeRolesFromRole(
    "myRole",
    [ "userAdmin" ],
    { w: "majority", wtimeout: 5000 }
)
8.更新角色(会覆盖)
// Update a user-defined role. This REPLACES rather than merges: each array
// supplied below completely overwrites the role's previous value for that
// field, so include everything the role must keep.
db.updateRole(
    "myRole",
    {
        // If this field is omitted the existing privileges are kept;
        // if it is present, it replaces the previous privileges.
        privileges: [
            {
                // NOTE(review): system.indexes is a system collection;
                // confirm it exists on the target server version.
                resource: { db:"admin", collection:"system.indexes" },
                actions: [ "update", "createCollection", "createIndex"]
            }
        ],
        // If this field is omitted the existing inherited roles are kept;
        // if it is present, it replaces the previously inherited roles.
        roles: [
            { role: "read", db: "admin" }
        ]
    },
    { w:"majority" }
)