Docs HomeMongoDB Manual

Privilege Actions权限操作

On this page本页内容

Privilege actions define the operations a user can perform on a resource. 权限操作定义了用户可以对资源执行的操作。A MongoDB privilege comprises a resource and the permitted actions. MongoDB权限包括一个资源和允许的操作。This page lists available actions grouped by common purpose.此页面列出了按通用目的分组的可用操作。

MongoDB provides built-in roles with pre-defined pairings of resources and permitted actions. MongoDB为内置角色提供了预定义的资源配对和允许的操作。For lists of the actions granted, see Built-In Roles. 有关授予的操作列表,请参阅内置角色To define custom roles, see Create a User-Defined Role.要定义自定义角色,请参阅创建用户定义的角色

Query and Write Actions查询和写入操作

find

User can perform the following commands, and their equivalent helper methods:用户可以执行以下命令及其等效的辅助方法:

Required for the query portion of the mapReduce command and db.collection.mapReduce() helper method when outputting to a collection.输出到集合时,mapReduce命令的查询部分和db.collection.mapReduce()助手方法是必需的。

Required for the query portion of the findAndModify command and db.collection.findAndModify() helper method.findAndModify命令的查询部分和db.collection.findAndModify()辅助方法所必需。

Required on the source collection for the cloneCollectionAsCapped and renameCollection commands and the db.collection.renameCollection() helper method.cloneCollectionAsCappedrenameCollection命令以及db.collection.renameCollection()辅助方法的集合上是必需的。

If the user does not have the listDatabases privilege action, users can run the listDatabases command to return a list of databases for which the user has privileges (including databases for which the user has privileges on specific collections) if the command is run with authorizedDatabases option unspecified or set to true.如果用户没有listDatabases权限操作,则如果在authorizedDatabases选项未指定或设置为true的情况下运行该命令,则用户可以运行listDatabases命令以返回用户具有权限的数据库列表(包括用户对特定集合具有权限的数据库)。

Apply this action to database or collection resources.将此操作应用于数据库或集合资源。

insert

User can perform the following commands and their equivalent methods:用户可以执行以下命令及其等效方法:

Required for the output portion of the mapReduce command and db.collection.mapReduce() helper method when outputting to a collection.输出到集合时mapReduce命令的输出部分和db.collection.mapReduce()辅助方法所必需的。

Required for the aggregate command and db.collection.aggregate() helper method when using the $out or $merge pipeline operator.在使用$out$merge管道运算符时,aggregate命令和db.collection.aggregate()辅助方法是必需的。

Required for the update and findAndModify commands and equivalent helper methods when used with the upsert option.upsert选项一起使用时,updatefindAndModify命令以及等效的辅助方法是必需的。

Required on the destination collection for the following commands and their helper methods:以下命令及其辅助方法在目标集合上是必需的:

Apply this action to database or collection resources.将此操作应用于数据库或集合资源。

remove

User can perform the delete command and equivalent helper method.用户可以执行delete命令和等效的辅助方法。

Required for the write portion of the findAndModify command and db.collection.findAndModify() method.findAndModify命令和db.collection.findAndModify()方法的写入部分所必需的。

Required for the mapReduce command and db.collection.mapReduce() helper method when you specify the replace action when outputting to a collection.当您在输出到集合时指定替换操作时,mapReduce命令和db.collection.mapReduce()助手方法是必需的。

Required for the aggregate command and db.collection.aggregate() helper method when using the $out pipeline operator.在使用$out管道运算符时,aggregate命令和db.collection.aggregate()辅助方法是必需的。

Apply this action to database or collection resources.将此操作应用于数据库或集合资源。

update

User can perform the update command and equivalent helper methods.用户可以执行update命令和等效的辅助方法。

Required for the mapReduce command and db.collection.mapReduce() helper method when outputting to a collection without specifying the replace action.在不指定替换操作的情况下输出到集合时,mapReduce命令和db.collection.mapReduce()助手方法是必需的。

Required for the findAndModify command and db.collection.findAndModify() helper method.findAndModify命令和db.collection.findAndModify()辅助方法所必需的。

Apply this action to database or collection resources.将此操作应用于数据库或集合资源。

bypassDocumentValidation

Users can bypass document validation on commands and methods that support the bypassDocumentValidation option. The following commands and their equivalent methods support bypassing document validation:用户可以对支持bypassDocumentValidation选项的命令和方法绕过文档验证。以下命令及其等效方法支持绕过文档验证

Apply this action to database or collection resources.将此操作应用于数据库或集合资源。

useUUID

User can execute the following commands using a UUID as if it were a namespace:用户可以使用UUID执行以下命令,就好像它是一个命名空间一样:

For example, this privilege authorizes a user to run the following command which executes a find command on a collection with the given UUID. 例如,此权限授权用户运行以下命令,该命令在具有给定UUID的集合上执行find命令。In order to be successful, this operation also requires that the user is authorized to execute the find command on the collection namespace corresponding to the given UUID.为了成功,此操作还需要授权用户在与给定UUID对应的集合命名空间上执行find命令。

db.runCommand({find: UUID("123e4567-e89b-12d3-a456-426655440000")})

For more information on collection UUIDs, see Collections.有关集合UUID的详细信息,请参阅集合

Apply this action to the cluster resource.将此操作应用于cluster资源。

Database Management Actions数据库管理操作

changeCustomData

User can change the custom information of any user in the given database. 用户可以更改给定数据库中任何用户的自定义信息。Apply this action to database resources.将此操作应用于数据库资源。

changeOwnCustomData

Users can change their own custom information. Apply this action to database resources. 用户可以更改自己的自定义信息。将此操作应用于数据库资源。See also Change Your Password and Custom Data.另请参阅更改密码和自定义数据

changeOwnPassword

Users can change their own passwords. 用户可以更改自己的密码。Apply this action to database resources. 将此操作应用于数据库资源。See also Change Your Password and Custom Data.另请参阅更改密码和自定义数据

changePassword

User can change the password of any user in the given database. 用户可以更改给定数据库中任何用户的密码。Apply this action to database resources.将此操作应用于数据库资源。

createCollection

User can perform the db.createCollection() method. 用户可以执行db.createCollection()方法。Apply this action to database or collection resources.将此操作应用于数据库或集合资源。

createIndex

Provides access to the db.collection.createIndex() method and the createIndexes command. Apply this action to database or collection resources.提供对db.collection.createIndex()方法和createIndexes命令的访问权限。将此操作应用于数据库或集合资源。

createRole

User can create new roles in the given database. Apply this action to database resources.用户可以在给定的数据库中创建新角色。将此操作应用于数据库资源。

createUser

User can create new users in the given database. Apply this action to database resources.用户可以在给定的数据库中创建新用户。将此操作应用于数据库资源。

dropCollection

User can perform the db.collection.drop() method. Apply this action to database or collection resources.用户可以执行db.collection.drop()方法。将此操作应用于数据库或集合资源。

dropRole

User can delete any role from the given database. Apply this action to database resources.用户可以从给定的数据库中删除任何角色。将此操作应用于数据库资源。

dropUser

User can remove any user from the given database. Apply this action to database resources.用户可以从给定的数据库中删除任何用户。将此操作应用于数据库资源。

enableProfiler

User can perform the db.setProfilingLevel() method. Apply this action to database resources.用户可以执行db.setProfilingLevel()方法。将此操作应用于数据库资源。

grantRole

User can grant any role in the database to any user from any database in the system. Apply this action to database resources.用户可以将数据库中的任何角色授予系统中任何数据库的任何用户。将此操作应用于数据库资源。

killCursors

Starting in MongoDB 4.2, users can always kill their own cursors, regardless of whether the users have the privilege to killCursors. 从MongoDB 4.2开始,用户总是可以杀死自己的游标,而不管用户是否有killCursors的权限。As such, the killCursors privilege has no effect in MongoDB 4.2+.因此,killCursors权限在MongoDB 4.2+中没有任何作用。

In MongoDB 3.6.3 through MongoDB 4.0.x, users require killCursors privilege to kill their own curors when access control is enabled. 在MongoDB 3.6.3到MongoDB 4.0x中,当启用访问控制时,用户需要killCursors权限才能杀死自己的游标。Cursors are associated with the users at the time of cursor creation. Apply this action to collection resources.游标在创建游标时与用户相关联。将此操作应用于集合资源。

killAnyCursor

User can kill any cursor, even cursors created by other users. 用户可以杀死任何游标,甚至是其他用户创建的游标。Apply this action to collection resources.将此操作应用于集合资源。

planCacheIndexFilter

User can run the planCacheClearFilters, planCacheListFilters, and planCacheSetFilter commands. Apply the planCacheIndexFilter action to collection resources.用户可以运行planCacheClearFiltersplanCacheListFiltersplanCacheSetFilter命令。将planCacheIndexFilter操作应用于集合资源。

revokeRole

User can remove any role from any user from any database in the system. Apply this action to database resources.用户可以从系统中的任何数据库中的任何用户中删除任何角色。将此操作应用于数据库资源。

setAuthenticationRestriction

User can specify the authenticationRestrictions field in the user document when running the following commands:运行以下命令时,用户可以在user文档中指定authenticationRestrictions字段:

User can specify the authenticationRestrictions field in the role document when running the following commands:运行以下命令时,用户可以在role文档中指定authenticationRestrictions字段:

Note

The following built-in roles grant this privilege:以下内置角色授予此权限:

Transitively, the restore and root roles also provide this privilege.在传输过程中,restore角色和root角色也提供了此权限。

Apply this action to database resources.将此操作应用于数据库资源。

setFeatureCompatibilityVersion

User can run the setFeatureCompatibilityVersion command. 用户可以运行setFeatureCompatibilityVersion命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

unlock

User can perform the db.fsyncUnlock() method. Apply this action to the cluster resource.用户可以执行db.fsyncUnlock()方法。将此操作应用于cluster资源。

viewRole

User can view information about any role in the given database. 用户可以查看有关给定数据库中任何角色的信息。Apply this action to database resources.将此操作应用于数据库资源。

viewUser

User can view the information of any user in the given database. Apply this action to database resources.用户可以查看给定数据库中任何用户的信息。将此操作应用于数据库资源。

Deployment Management Actions部署管理操作

authSchemaUpgrade

User can perform the authSchemaUpgrade command. Apply this action to the cluster resource.用户可以执行authSchemaUpgrade命令。将此操作应用于cluster资源。

cleanupOrphaned

User can perform the cleanupOrphaned command. Apply this action to the cluster resource.用户可以执行cleanupOrphaned命令。将此操作应用于cluster资源。

cpuProfiler

User can enable and use the CPU profiler. Apply this action to the cluster resource.用户可以启用和使用CPU探查器。将此操作应用于cluster资源。

inprog

User can use the db.currentOp() method to return information on pending and active operations. Apply this action to the cluster resource.用户可以使用db.currentOp()方法返回有关挂起和活动操作的信息。将此操作应用于cluster资源。

Changed in version 3.2.9.3.2.9版更改。Even without the inprog privilege, on mongod instances, users can view their own operations by running db.currentOp( { "$ownOps": true } ).即使没有inprog权限,在mongod实例上,用户也可以通过运行db.currentOp( { "$ownOps": true } )来查看自己的操作。

invalidateUserCache

Provides access to the invalidateUserCache command. Apply this action to the cluster resource.提供对invalidateUserCache命令的访问权限。将此操作应用于cluster资源。

killop

User can perform the db.killOp() method. Apply this action to the cluster resource.用户可以执行db.killOp()方法。将此操作应用于cluster资源。

Changed in version 3.2.9.3.2.9版更改。Even without the killop privilege, on mongod instances, users can kill their own operations.即使没有killop权限,在mongod实例上,用户也可以终止自己的操作。

planCacheRead

User can run the following operations:用户可以运行以下操作:

Apply this action to database or collection resources.将此操作应用于数据库或集合资源。

planCacheWrite

User can perform the planCacheClear command and the PlanCache.clear() and PlanCache.clearPlansByQuery() methods. Apply this action to database or collection resources.用户可以执行planCacheClear命令以及PlanCache.clear()PlanCache.clearPlansByQuery()方法。将此操作应用于数据库或集合资源。

storageDetails

Deprecated in 7.0:7.0中已弃用: The storageDetails action has been removed from the database.storageDetails操作已从数据库中删除。

Change Stream Actions更改流操作

changeStream

User with changeStream and find on the specific collection, all non-system collections in a specific database, or all non-system collections across all databases can open change stream cursor for that resource.在特定集合、特定数据库中的所有非system集合或所有数据库中的全部非system集合上具有changeStreamfind的用户可以打开该资源的变更流游标。

Replication Actions复制操作

appendOplogNote

User can append notes to the oplog. Apply this action to the cluster resource.用户可以在操作日志中添加注释。将此操作应用于cluster资源。

replSetConfigure

User can configure a replica set. Apply this action to the cluster resource.用户可以配置复制副本集。将此操作应用于cluster资源。

replSetGetConfig

User can view a replica set's configuration. 用户可以查看复制副本集的配置。Provides access to the replSetGetConfig command and rs.conf() helper method.提供对replSetGetConfig命令和rs.conf()辅助方法的访问。

Apply this action to the cluster resource.将此操作应用于cluster资源。

replSetGetStatus

User can perform the replSetGetStatus command. Apply this action to the cluster resource.用户可以执行replSetGetStatus命令。将此操作应用于cluster资源。

replSetHeartbeat

User can perform the deprecated replSetHeartbeat command. Apply this action to the cluster resource.用户可以执行不推荐使用的replSetHeartbeat命令。将此操作应用于cluster资源。

replSetStateChange

User can change the state of a replica set through the replSetFreeze, replSetMaintenance, replSetStepDown, and replSetSyncFrom commands. Apply this action to the cluster resource.用户可以通过replSetFreezereplSetMaintenancereplSetStepDownreplSetSyncFrom命令更改副本集的状态。将此操作应用于cluster资源。

resync

User can perform the deprecated resync command. 用户可以执行不推荐使用的resync命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

Sharding Actions分片操作

addShard

User can perform the addShard command. 用户可以执行addShard命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

checkMetadataConsistency

User can perform the checkMetadataConsistency command. 用户可以执行checkMetadataConsistency命令。Apply this action to cluster, database or collection resources.将此操作应用于cluster、数据库或集合资源。

New in version 7.0. 7.0版新增。

clearJumboFlag

Available starting in 4.2.3 and 4.0.15从4.2.3和4.0.15开始提供

Required to clear a chunk's jumbo flag using the clearJumboFlag command. Apply this action to database or collection resources.需要使用clearJumboFlag命令清除区块的jumbo标志。将此操作应用于数据库或集合资源。

Included in the clusterManager built-in role.包含在clusterManager内置角色中。

enableSharding
Note

Applicable Resources适用资源

The action can apply to either:该操作可适用于以下任一情况:

  • Database or collection resource to enable sharding for a database or shard a collection.数据库集合资源,以启用数据库的分片或集合的分片。
  • Cluster resource to perform various shard zone operations.集群资源来执行各种分片区域操作。
Resources资源Description描述
Database数据库 or Collection集合Grants users privileges to perform the following operations: 授予用户执行以下操作的权限:
Cluster群集
Starting in version 4.2.2, 4.0.14, 3.6.16从版本4.2.2、4.0.14、3.6.16开始		Grants users privileges to perform the following shard zone operations: 授予用户执行以下分片区域操作的权限: You can also perform these shard zone operations if you have find/update actions on the appropriate collections in the config database. 如果您在配置数据库中对适当的集合执行了find/find/update操作,那么您也可以执行这些分片区域操作。Refer to the specific operations for details. 有关详细信息,请参阅具体操作。
refineCollectionShardKey

Provides privileges to refine the shard key for a sharded collection and run the refineCollectionShardKey command. 提供细化分片集合的分片键并运行refineCollectionShardKey命令的权限。Apply this action to database or collection resources.将此操作应用于数据库集合资源。

Included in the clusterManager built-in role.包含在clusterManager内置角色中。

New in version 4.4. 4.4版新增。

reshardCollection

User can perform the reshardCollection command. 用户可以执行reshardCollection命令。Apply this action to database or collection resources.将此操作应用于数据库和集合资源。

New in version 5.0. 5.0版新增。

flushRouterConfig

User can perform the flushRouterConfig command. 用户可以执行flushRouterConfig命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

getShardMap

User can perform the getShardMap command. 用户可以执行getShardMap命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

getShardVersion

User can perform the getShardVersion command. 用户可以执行getShardVersion命令。Apply this action to database resources.将此操作应用于数据库资源。

listShards

User can perform the listShards command. 用户可以执行listShards命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

moveChunk

User can perform the moveChunk and moveRange commands. 用户可以执行moveChunkmoveRange命令。In addition, user can perform the movePrimary command provided that the privilege is applied to an appropriate database resource. Apply this action to database or collection resources.此外,用户可以执行movePrimary命令,前提是将权限应用于适当的数据库资源。将此操作应用于数据库或集合资源。

removeShard

User can perform the removeShard command. Apply this action to the cluster resource.用户可以执行removeShard命令。将此操作应用于cluster资源。

shardedDataDistribution

User can perform the $shardedDataDistribution aggregation pipeline stage.用户可以执行$shardedDataDistribution聚合管道阶段。

New in version 6.0.3. 6.0.3版新增。

shardingState

User can perform the shardingState command. 用户可以执行shardingState命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

splitVector

User can perform the splitVector command. 用户可以执行splitVector命令。Apply this action to database or collection resources.将此操作应用于数据库或集合资源。

Server Administration Actions服务器管理操作

applicationMessage

User can perform the logApplicationMessage command. 用户可以执行logApplicationMessage命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

bypassWriteBlockingMode

User can perform writes even when writes are blocked by the setUserWriteBlockMode command. 即使写入被setUserWriteBlockMode命令阻止,用户也可以执行写入。Apply this action to the cluster resource.将此操作应用于cluster资源。

closeAllDatabases

User can perform the deprecated closeAllDatabases command. 用户可以执行不推荐使用的closeAllDatabases命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

collMod

User can perform the collMod command. 用户可以执行collMod命令。Apply this action to database or collection resources.将此操作应用于数据库或集合资源。

compact

User can perform the compact command. 用户可以执行compact命令。Apply this action to database or collection resources.将此操作应用于数据库或集合资源。

compactStructuredEncryptionData

User can perform the compactStructuredEncryptionData command. 用户可以执行compactStructuredEncryptionData命令。Apply this action to database or collection resources.将此操作应用于数据库或集合资源。

connPoolSync

User can perform the internal connPoolSync command. 用户可以执行internal connPoolSync命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

convertToCapped

User can perform the convertToCapped command. 用户可以执行convertToCapped命令。Apply this action to database or collection resources.将此操作应用于数据库或集合资源。

dropConnections

User can perform the dropConnections command. 用户可以执行dropConnections命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

dropDatabase

User can perform the dropDatabase command. 用户可以执行dropDatabase命令。Apply this action to database resources.将此操作应用于数据库资源。

dropIndex

User can perform the dropIndexes command. 用户可以执行dropIndexes命令。Apply this action to database or collection resources.将此操作应用于数据库或集合资源。

forceUUID

User can create a collection with a user-defined collection UUID using the applyOps command.用户可以使用applyOps命令创建具有用户定义的集合UUID的集合。

Apply this action to the cluster resource.将此操作应用于cluster资源。

fsync

User can perform the fsync command. 用户可以执行fsync命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

getDefaultRWConcern

User can issue the administrative getDefaultRWConcern command. 用户可以发出管理getDefaultRWConcern命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

getParameter

User can perform the getParameter command. 用户可以执行getParameter命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

hostInfo

Provides information about the server the MongoDB instance runs on. 提供有关MongoDB实例运行的服务器的信息。Apply this action to the cluster resource.将此操作应用于cluster资源。

oidReset

Required to reset the 5 byte random string that is used in the ObjectID.需要重置ObjectID中使用的5字节随机字符串。

logRotate

User can perform the logRotate command. 用户可以执行logRotate命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

reIndex

User can perform the reIndex command. 用户可以执行reIndex命令。Apply this action to database or collection resources.将此操作应用于数据库或集合资源。

renameCollectionSameDB

Allows the user to rename collections on the current database using the renameCollection command. 允许用户使用renameCollection命令重命名当前数据库上的集合。Apply this action to database resources.将此操作应用于数据库资源。

Additionally, the user must either have find on the source collection or not have find on the destination collection.此外,用户必须在源集合上find,或者在目标集合上没有find

If a collection with the new name already exists, the user must also have the dropCollection action on the destination collection.如果具有新名称的集合已经存在,则用户还必须对目标集合执行dropCollection操作。

rotateCertificates

User can perform the rotateCertificates command command. 用户可以执行rotateCertificates命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

setDefaultRWConcern

User can issue the administrative setDefaultRWConcern command. 用户可以发出管理setDefaultRWConcern命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

setParameter

User can perform the setParameter command. 用户可以执行setParameter命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

setUserWriteBlockMode

User can perform the setUserWriteBlockMode command. 用户可以执行setUserWriteBlockMode命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

shutdown

User can perform the shutdown command. 用户可以执行shutdown命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

touch

User can perform the deprecated touch command. 用户可以执行deprecated touch命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

Session Actions会话操作

impersonate

User can perform the killAllSessionsByPattern command with users and roles pattern. 用户可以使用用户和roles模式执行killAllSessionsByPattern命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

To run killAllSessionsByPattern command, users must also have killAnySession privileges on the cluster resource.若要运行killAllSessionsByPattern命令,用户还必须对群集资源具有killAnySession权限。

listSessions

User can perform the $listSessions operation or $listLocalSessions operation for all users or specified user(s). 用户可以对所有用户或指定用户执行$listSessions操作或$listLocalSessions操作。Apply this action to the cluster resource.将此操作应用于cluster资源。

killAnySession

User can perform the killAllSessions and the killAllSessionsByPattern command. 用户可以执行killAllSessionskillAllSessionsByPattern命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

Tip

See also: 另请参阅:

impersonate

Atlas Search Index ActionsAtlas搜索索引操作

The following actions enable users to run Atlas Search Database Commands. These actions are only relevant for deployments hosted on MongoDB Atlas.通过以下操作,用户可以运行Atlas搜索数据库命令。这些操作仅与MongoDB Atlas上托管的部署相关。

createSearchIndexes

User can run the createSearchIndexes database command. Apply this action to the database or collection resource.用户可以运行createSearchIndexes数据库命令。将此操作应用于数据库或集合资源。

dropSearchIndex

User can run the dropSearchIndex database command. 用户可以运行dropSearchIndex数据库命令。Apply this action to the database or collection resource.将此操作应用于数据库或集合资源。

listSearchIndexes

User can run the $listSearchIndexes aggregation stage. Apply this action to the database or collection resource.用户可以运行$listSearchIndexes聚合阶段。将此操作应用于数据库或集合资源。

updateSearchIndex

User can run the updateSearchIndex database command. Apply this action to the database or collection resource.用户可以运行updateSearchIndex数据库命令。将此操作应用于数据库或集合资源。

Free Monitoring Actions免费监控操作

checkFreeMonitoringStatus

User with this action on the cluster resource can check the status of Free Monitoring.cluster资源执行此操作的用户可以检查自由监视的状态。

New in version 4.0. 4.0版新增。

setFreeMonitoring

User with this action on the cluster resource can enable or disable Free Monitoring.cluster资源执行此操作的用户可以启用或禁用自由监视

New in version 4.0. 4.0版新增。

Diagnostic Actions诊断操作

collStats

User can perform the collStats command. 用户可以执行collStats命令。Apply this action to database or collection resources.将此操作应用于数据库或集合资源。

connPoolStats

User can perform the connPoolStats command. 用户可以执行connPoolStats命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

dbHash

User can perform the dbHash command. 用户可以执行dbHash命令。Apply this action to database or collection resources.将此操作应用于数据库或集合资源。

dbStats

User can perform the dbStats command. 用户可以执行dbStats命令。Apply this action to database resources.将此操作应用于数据库资源。

getCmdLineOpts

User can perform the getCmdLineOpts command. 用户可以执行getCmdLineOpts命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

getLog

User can perform the getLog command. 用户可以执行getLog命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

indexStats

User can perform the indexStats command. 用户可以执行indexStats命令。Apply this action to database or collection resources.将此操作应用于数据库或集合资源。

Changed in version 3.0.3.0版更改。MongoDB 3.0 removes the indexStats command.MongoDB 3.0删除了indexStats命令。

listDatabases

User can perform the listDatabases command. 用户可以执行listDatabases命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

If the user does not have the listDatabases privilege action, users can run the listDatabases command to return a list of databases for which the user has privileges (including databases for which the user has privileges on specific collections) if the command is run with authorizedDatabases option unspecified or set to true.如果用户没有listDatabases权限操作,则如果在authorizedDatabases选项未指定或设置为true的情况下运行该命令,则用户可以运行listDatabases命令以返回用户具有权限的数据库列表(包括用户对特定集合具有权限的数据库)。

listCollections

User can perform the listCollections command. 用户可以执行listCollections命令。Apply this action to database resources.将此操作应用于数据库资源。

Note

Starting in version 4.0, user without the required privilege can run the listCollections command with both authorizedCollections and nameOnly options set to true. 从4.0版本开始,没有所需权限的用户可以在authorizedCollectionsnameOnly选项都设置为true的情况下运行listCollections命令。In this case, the command returns just the name and type of the collection(s) to which the user has privileges.在这种情况下,该命令只返回用户有权限访问的集合的名称和类型。

listIndexes

User can perform the listIndexes command. 用户可以执行listIndexes命令。Apply this action to database or collection resources.将此操作应用于数据库或集合资源。

netstat

User can perform the netstat command. 用户可以执行netstat命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

serverStatus

User can perform the serverStatus command. 用户可以执行serverStatus命令。Apply this action to the cluster resource.将此操作应用于cluster资源。

validate

User can perform the validate and validateDBMetadata commands. 用户可以执行validatevalidateDBMetadata命令。Apply this action to database or collection resources.将此操作应用于数据库或集合资源。

top

User can perform the top command. Apply this action to the cluster resource.用户可以执行top命令。将此操作应用于cluster资源。

Internal Actions内部行动

anyAction

Allows any action on a resource. 允许对资源执行任何操作。Do not assign this action unless it is absolutely necessary.除非绝对必要,否则不要分配此操作。

internal

Allows internal actions. 允许内部操作。Do not assign this action unless it is absolutely necessary.除非绝对必要,否则不要分配此操作。

applyOps

User can perform the applyOps command. Apply this action to a cluster resource.用户可以执行applyOps命令。将此操作应用于cluster资源。