Built-in Roles
Role category | Roles |
---|---|
Database User Roles | read, readWrite (available on every database) |
Database Administration Roles | dbAdmin, dbOwner, userAdmin (available on every database) |
Cluster Administration Roles | clusterAdmin, clusterManager, hostManager (available on the admin database) |
Backup and Restoration Roles | backup, restore (available on the admin database) |
All-Database Roles | The following roles are available on the admin database and provide privileges which apply to all databases except local and config: readAnyDatabase, readWriteAnyDatabase, userAdminAnyDatabase, dbAdminAnyDatabase (available on the admin database) |
Superuser Roles | root (several roles provide either indirect or direct system-wide superuser access) (available on the admin database) |
Internal Role | __system (held by the system) |
Use the table above to work through the meaning of the statements below.
A role can inherit privileges from other roles in its database. A role created on the admin database can inherit privileges from roles in any database.
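A role can inherit privileges from other roles in its database: a role may inherit the privileges of roles in the database where it is created. From the table above, read, readWrite, dbAdmin, dbOwner, userAdmin ... are roles that every database has, whereas clusterAdmin, clusterManager, backup, readAnyDatabase, readWriteAnyDatabase ... exist only on the admin database and not on any other database. So when a role is created in a database, it can inherit from the roles that database has.
A role created on the admin database can inherit privileges from roles in any database: "every database" also includes the admin database, which means that roles such as read, readWrite, dbAdmin, dbOwner, userAdmin ... exist on the admin database as well.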
MongoDB provides the built-in database user and database administration roles on every database. MongoDB provides all other built-in roles only on the admin database.
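The database user roles and database administration roles are the two classes of built-in roles that every database has, while all the other built-in roles are essentially assigned to the admin database. When creating a role, check whether the current database has the corresponding roles available to inherit from.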
A role can include one or more existing roles in its definition, in which case the role inherits all the privileges of the included roles.
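In other words: a role can include other roles in its definition, and from that point of view the role we define inherits the privileges of the roles it includes (a form of composition).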
super roles
The following roles provide the ability to assign any user any privilege on any database, which means that users with one of these roles can assign themselves any privilege on any database:
dbOwner role, when scoped to the admin database
userAdmin role, when scoped to the admin database
userAdminAnyDatabase role
The root role provides full privileges on all resources
// When a user defined in admin has the dbOwner role, that user can assign any user any privilege on any database
// When a user defined in admin has the userAdmin role, that user can assign any user any privilege on any database
// When a user has the userAdminAnyDatabase role, that user can assign any user any privilege on any database
// A root user is more powerful still
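Because roles inherit from the roles they include, a user can hold one of the roles above indirectly through a custom role. The following is an added example, not code from the original post: it expands each user's granted roles through inheritance and reports who ends up with an escalation-capable role. The function names, the `role@db` key format and the sample documents are assumptions of this example; the input shapes mirror the `user`/`db`/`roles` fields of documents in `admin.system.users` and `admin.system.roles`.

```javascript
// Roles listed in this section; "role@db" keys are this example's own convention.
const ESCALATION_ROLES = new Set([
  "dbOwner@admin",
  "userAdmin@admin",
  "userAdminAnyDatabase@admin",
  "root@admin",
]);

const key = (r) => `${r.role}@${r.db}`;

// Expand directly granted roles through custom-role inheritance.
// roleDefs: documents shaped like admin.system.roles ({role, db, roles: [{role, db}]}).
function effectiveRoles(granted, roleDefs) {
  const defs = new Map(roleDefs.map((d) => [key(d), d.roles || []]));
  const seen = new Set();
  const stack = [...granted];
  while (stack.length > 0) {
    const k = key(stack[stack.length - 1]);
    stack.pop();
    if (seen.has(k)) continue; // already expanded; also guards against loops
    seen.add(k);
    for (const parent of defs.get(k) || []) stack.push(parent);
  }
  return seen;
}

// users: documents shaped like admin.system.users ({user, db, roles: [{role, db}]}).
function findEscalationCapableUsers(users, roleDefs) {
  const findings = [];
  for (const u of users) {
    const hits = [...effectiveRoles(u.roles || [], roleDefs)]
      .filter((k) => ESCALATION_ROLES.has(k))
      .sort();
    if (hits.length > 0) findings.push({ user: `${u.user}@${u.db}`, via: hits });
  }
  return findings;
}

// Constructed sample data (not from the page).
const sampleRoles = [
  { role: "appOps", db: "admin", roles: [{ role: "userAdmin", db: "admin" }, { role: "read", db: "shop" }] },
  { role: "shopLead", db: "shop", roles: [{ role: "dbOwner", db: "shop" }] },
];
const sampleUsers = [
  { user: "alice", db: "admin", roles: [{ role: "appOps", db: "admin" }] },
  { user: "bob", db: "shop", roles: [{ role: "shopLead", db: "shop" }] },
  { user: "carol", db: "admin", roles: [{ role: "userAdminAnyDatabase", db: "admin" }] },
];
console.log(findEscalationCapableUsers(sampleUsers, sampleRoles));
```

In the sample, bob is not reported because his dbOwner role is scoped to shop rather than admin, while alice is reported even though userAdmin on admin was never granted to her directly.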
If there is a problem, please contact me in time. Thank you.
Ref
https://docs.mongodb.com/manu…