db.getRoles()
On this page本页内容
Definition定义
db.getRoles()-
Returns information for all the roles in the database on which the command runs.返回运行命令的数据库中所有角色的信息。The method can be run with or without an argument.该方法可以带参数运行,也可以不带参数运行。If run without an argument,如果在没有参数的情况下运行,db.getRoles()returns inheritance information for the database's user-defined roles.db.getRoles()将返回数据库用户定义角色的继承信息。To return more information, pass the要返回更多信息,请将带有以下字段的文档传递给db.getRoles()a document with the following fields:db.getRoles():Field字段Type类型Description描述rolesInfointeger Set this field to将此字段设置为1to retrieve all user-defined roles.1可检索所有用户定义的角色。showAuthenticationRestrictionsboolean Optional.可选的。Set this field to将此字段设置为trueto include authentication restrictions in the output.true可在输出中包含身份验证限制。Authentication restrictions indicate the IP addresses that users with this role can connect to and from.身份验证限制指示具有此角色的用户可以连接到的IP地址和可以从中连接的IP地址。
By default, this field is默认情况下,此字段为false, meaning that thedb.getRoles()output does not include authentication restrictions.false,这意味着db.getRoles()输出不包括身份验证限制。showBuiltinRolesboolean Optional.可选的。Set this field to true to display built-in roles as well as user-defined roles.将此字段设置为true可显示内置角色以及用户定义的角色。showPrivilegesboolean Optional.可选的。Set this field to将此字段设置为trueto show role privileges, including both privileges inherited from other roles and privileges defined directly.true可显示角色权限,包括从其他角色继承的权限和直接定义的权限。By default, the command returns only the roles from which this role inherits privileges and does not return specific privileges.默认情况下,该命令只返回此角色继承权限的角色,而不返回特定权限。db.getRoles()wraps the包装rolesInfocommand.rolesInfo命令。
Required Access所需访问权限
To view a role's information, you must be either explicitly granted the role or must have the 若要查看角色的信息,必须明确授予您该角色,或者必须对角色的数据库执行viewRole action on the role's database.viewRole 操作。
Examples实例
The examples in this section show how to use 本节中的示例显示了如何使用db.getRoles to:db.getRoles执行以下操作:
Show Role Privileges and Built-In Roles显示角色权限和内置角色
The following operation returns all the roles on the 以下操作返回products database, including role privileges and built-in roles:products数据库中的所有角色,包括角色权限和内置角色:
use products
db.getRoles(
{
rolesInfo: 1,
showPrivileges: true,
showBuiltinRoles: true
}
)
Example output (shortened for readability):示例输出(为便于阅读而缩短):
{
roles: [
{
role: 'dbOwner',
db: 'products',
isBuiltin: true,
roles: [],
inheritedRoles: [],
privileges: [
{
resource: { db: 'products', collection: '' },
actions: [
'analyze',
'bypassDocumentValidation',
'changeCustomData',
...
]
},
{
resource: { db: 'products', collection: 'system.profile' },
actions: [
'changeStream',
'collStats',
'convertToCapped',
...
]
}
],
inheritedPrivileges: [
{
resource: { db: 'products', collection: '' },
actions: [
'analyze',
'bypassDocumentValidation',
'changeCustomData',
...
]
}
]
},
...
]
}
Show Authentication Restrictions显示身份验证限制
The following operation returns role inheritance information and authentication restrictions for all user-defined roles on the 以下操作返回product database:product数据库中所有用户定义角色的角色继承信息和身份验证限制:
use products
db.getRoles( { rolesInfo: 1, showAuthenticationRestrictions: true } )
Example output:示例输出:
{
roles: [
{
_id: 'products.associate',
role: 'associate',
db: 'products',
roles: [ { role: 'readWrite', db: 'products' } ],
authenticationRestrictions: [
[ { clientSource: [ '198.51.100.0' ] } ]
],
isBuiltin: false,
inheritedRoles: [ { role: 'readWrite', db: 'products' } ],
inheritedAuthenticationRestrictions: [
[ { clientSource: [ '198.51.100.0' ] } ]
]
}
],
ok: 1
}