top of page

MongoDB Roles


MongoDB Roles

MongoDB provides several built-in roles that you can assign to users to control their access to databases and operations. Here's an explanation of some common built-in roles in MongoDB:


1. read:

Grants the ability to read data from all non-system collections in a database.

2. readWrite:


Includes all the privileges of the read role.

Additionally, grants the ability to write data to all non-system collections in a database.

3. dbAdmin:


Provides the ability to perform administrative tasks on a given database, such as view or kill operations on the database, repair the database, and manage database-level users.


4.userAdmin:


Allows the user to create and modify users within a database. This role is necessary for creating new users or modifying their roles.

5.dbOwner:


Includes all the privileges of the readWrite, dbAdmin, and userAdmin roles.

Provides the highest level of access in a database, allowing the user to perform any administrative action on the database.


6.clusterAdmin:


Provides the highest level of access to a MongoDB cluster.

Allows the user to administer the replica set or sharded cluster, including adding and removing nodes, initiating replica set elections, and configuring sharding.


7.readAnyDatabase:


Grants the ability to read data from all databases on the MongoDB server.


8.readWriteAnyDatabase:


Includes all the privileges of the readAnyDatabase role.

Additionally, grants the ability to write data to all databases on the MongoDB server.

9.userAdminAnyDatabase:


Allows the user to create and modify users across all databases on the MongoDB server.

10.root:


Provides superuser access to the MongoDB deployment, allowing the user to perform any action on any resource.

It's important to carefully consider the roles you assign to users to ensure that they have the necessary privileges for their tasks while minimizing unnecessary access. In many cases, it's recommended to follow the principle of least privilege, assigning users only the roles they absolutely need.

bottom of page