- 安全 >
- Security Tutorials >
- 用户权限管理指南 >
- Verify User Privileges
Verify User Privileges¶
概述¶
A user’s privileges determine the access the user has to MongoDB resources and the actions that user can perform. Users receive privileges through role assignments. A user can have multiple roles, and each role can have multiple privileges.
For an overview of roles and privileges, see 授权.
Prerequisites¶
To view a role’s information, you must be explicitly granted the role or must have the viewRole action on the role’s database.
Procedure¶
Identify the user’s roles.¶
Use the usersInfo command or db.getUser() method to display user information. The roles array specifies the user’s roles.
For example, to view roles for accountUser01 on the accounts database, issue the following:
use accounts
db.getUser("accountUser01")
The roles array displays all roles for accountUser01:
"roles" : [
{
"role" : "readWrite",
"db" : "accounts"
},
{
"role" : "siteRole01",
"db" : "records"
}
]
Identify the privileges granted by the roles.¶
For a given role, use the rolesInfo command or db.getRole() method, and include the showPrivileges parameter. The resulting role document displays both privileges granted directly and roles from which this role inherits privileges.
For example, to view the privileges granted by siteRole01 on the records database, use the following operation, which returns a document with a privileges array:
use records
db.getRole( "siteRole01", { showPrivileges: true } )
The returned document includes the roles and privileges arrays:
"roles" : [
{
"role" : "read",
"db" : "corporate"
}
],
"privileges" : [
{
"resource" : {
"db" : "records",
"collection" : ""
},
"actions" : [
"find",
"insert",
"update"
]
}
]
To view the privileges granted by the read role, use db.getRole() again with the appropriate parameters.