
Privilege Actions

Privilege actions define the operations a user can perform on a resource. A MongoDB privilege comprises a resource and the permitted actions. This page lists available actions grouped by common purpose.

MongoDB provides built-in roles with pre-defined pairings of resources and permitted actions. For lists of the actions granted, see:

To define custom roles, see:

Query and Write Actions

find

User can perform the following commands, and their equivalent helper methods:

Required for the query portion of the mapReduce command and db.collection.mapReduce() helper method when outputting to a collection.

Required for the query portion of the findAndModify command and db.collection.findAndModify() helper method.

Required on the source collection for the cloneCollectionAsCapped and renameCollection commands and the db.collection.renameCollection() helper method.

If the user does not have the listDatabases privilege action, users can run the listDatabases command to return a list of databases for which the user has privileges (including databases for which the user has privileges on specific collections) if the command is run with authorizedDatabases option unspecified or set to true.

Apply this action to database or collection resources.

insert

User can perform the following commands and their equivalent methods:

Required for the output portion of the mapReduce command and db.collection.mapReduce() helper method when outputting to a collection.

Required for the aggregate command and db.collection.aggregate() helper method when using the $out or $merge pipeline operator.

Required for the update and findAndModify commands and equivalent helper methods when used with the upsert option.

Required on the destination collection for the following commands and their helper methods:

Apply this action to database or collection resources.

remove

User can perform the delete command and equivalent helper method.

Required for the write portion of the findAndModify command and db.collection.findAndModify() method.

Required for the mapReduce command and db.collection.mapReduce() helper method when you specify the replace action when outputting to a collection.

Required for the aggregate command and db.collection.aggregate() helper method when using the $out pipeline operator.

Apply this action to database or collection resources.

update

User can perform the update command and equivalent helper methods.

Required for the mapReduce command and db.collection.mapReduce() helper method when outputting to a collection without specifying the replace action.

Required for the findAndModify command and db.collection.findAndModify() helper method.

Apply this action to database or collection resources.
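The find, insert, remove and update entries above can be turned into a least-privilege check. The following is an added example, not code from the MongoDB manual: requiredPrivileges(), missingPrivileges() and the orderWriter role are hypothetical, the findAndModify rule reads "write portion" as remove when remove is set and update otherwise, and the role document is constructed sample data.

```javascript
// Split "db.collection" at the first dot into a privilege document.
const priv = (ns, actions) => {
  const dot = ns.indexOf(".");
  return { resource: { db: ns.slice(0, dot), collection: ns.slice(dot + 1) }, actions };
};

// Actions an operation needs, following the find/insert/remove/update entries.
function requiredPrivileges(op) {
  switch (op.command) {
    case "findAndModify": {
      // find: query portion; remove or update: write portion; insert: upsert.
      const actions = ["find", op.remove ? "remove" : "update"];
      if (op.upsert) actions.push("insert");
      return [priv(op.ns, actions)];
    }
    case "update":
      return [priv(op.ns, op.upsert ? ["update", "insert"] : ["update"])];
    case "delete":
      return [priv(op.ns, ["remove"])];
    case "mapReduce": {
      // Output to a collection: insert always, remove for the replace
      // action, update for any other output action.
      const out = ["insert", op.outAction === "replace" ? "remove" : "update"];
      return [priv(op.ns, ["find"]), priv(op.outNs, out)];
    }
    case "aggregate": {
      const needed = [priv(op.ns, ["find"])]; // reading the source collection
      if (op.outStage === "$out") needed.push(priv(op.outNs, ["insert", "remove"]));
      else if (op.outStage) throw new Error(`no rule encoded for ${op.outStage}`);
      return needed;
    }
    default:
      throw new Error(`no rule encoded for ${op.command}`);
  }
}

// Does a privilege's resource document cover db.collection?
function resourceCovers(r, db, collection) {
  if (r.anyResource) return true;
  if (r.cluster || typeof r.db !== "string") return false;
  if (r.db !== "" && r.db !== db) return false;
  // An empty collection string means all non-system collections.
  if (r.collection === "") return !collection.startsWith("system.");
  return r.collection === collection;
}

// List every "db.collection:action" the role does not grant.
function missingPrivileges(role, needed) {
  const missing = [];
  for (const { resource: { db, collection }, actions } of needed) {
    for (const action of actions) {
      const ok = role.privileges.some((p) =>
        resourceCovers(p.resource, db, collection) &&
        (p.actions.includes(action) || p.actions.includes("anyAction")));
      if (!ok) missing.push(`${db}.${collection}:${action}`);
    }
  }
  return missing;
}

// Constructed sample role, shaped like a custom role's privileges array.
const orderWriter = {
  role: "orderWriter", db: "shop",
  privileges: [
    { resource: { db: "shop", collection: "orders" }, actions: ["find", "update"] },
    { resource: { db: "shop", collection: "" }, actions: ["insert"] },
  ],
};

const archive = requiredPrivileges({
  command: "aggregate", ns: "shop.orders", outStage: "$out", outNs: "shop.orders_archive",
});
console.log(missingPrivileges(orderWriter, archive)); // actions still to be granted
```

The array returned by requiredPrivileges() has the same shape as the privileges field of db.createRole(), so it can seed a custom role that grants only what the operation needs.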

bypassDocumentValidation

Users can bypass schema validation on commands and methods that support the bypassDocumentValidation option. The following commands and their equivalent methods support bypassing schema validation:

Apply this action to database or collection resources.

useUUID

User can execute the following commands using a UUID as if it were a namespace:

For example, this privilege authorizes a user to run the following command, which executes a find command on a collection with the given UUID. In order to be successful, this operation also requires that the user is authorized to execute the find command on the collection namespace corresponding to the given UUID.

db.runCommand({find: UUID("123e4567-e89b-12d3-a456-426655440000")})

For more information on collection UUIDs, see Collections.

Apply this action to the cluster resource.

Database Management Actions

changeCustomData

User can change the custom information of any user in the given database. Apply this action to database resources.

changeOwnCustomData

Users can change their own custom information. Apply this action to database resources. See also Change Your Password and Custom Data on Self-Managed Deployments.

changeOwnPassword

Users can change their own passwords. Apply this action to database resources. See also Change Your Password and Custom Data on Self-Managed Deployments.

changePassword

User can change the password of any user in the given database. Apply this action to database resources.

createCollection

User can perform the db.createCollection() method. Apply this action to database or collection resources.

createIndex

Provides access to the db.collection.createIndex() method and the createIndexes command. Apply this action to database or collection resources.

createRole

User can create new roles in the given database. Apply this action to database resources.

createUser

User can create new users in the given database. Apply this action to database resources.

dropCollection

User can perform the db.collection.drop() method. Apply this action to database or collection resources.

dropRole

User can delete any role from the given database. Apply this action to database resources.

dropUser

User can remove any user from the given database. Apply this action to database resources.

enableProfiler

User can perform the db.setProfilingLevel() method. Apply this action to database resources.

grantRole

User can grant any role in the database to any user from any database in the system. Apply this action to database resources.

killCursors

Users can always terminate their own cursors, regardless of whether the users have the privilege to killCursors.

killAnyCursor

User can kill any cursor, even cursors created by other users. Apply this action to collection resources.

planCacheIndexFilter

User can run the planCacheClearFilters, planCacheListFilters, and planCacheSetFilter commands. Apply the planCacheIndexFilter action to collection resources.

querySettings

User can run the setQuerySettings and removeQuerySettings commands, and add a $querySettings stage to an aggregation pipeline.

New in version 8.0.

revokeRole

User can remove any role from any user from any database in the system. Apply this action to database resources.

setAuthenticationRestriction

User can specify the authenticationRestrictions field in the user document when running the following commands:

User can specify the authenticationRestrictions field in the role document when running the following commands:

Note

The following built-in roles grant this privilege:

Transitively, the restore and root roles also provide this privilege.

Apply this action to database resources.

setFeatureCompatibilityVersion

User can run the setFeatureCompatibilityVersion command. Apply this action to the cluster resource.

unlock

User can perform the db.fsyncUnlock() method. Apply this action to the cluster resource.

viewRole

User can view information about any role in the given database. Apply this action to database resources.

viewUser

User can view the information of any user in the given database. Apply this action to database resources.

Deployment Management Actions

authSchemaUpgrade

User can perform the authSchemaUpgrade command. Apply this action to the cluster resource.

cleanupOrphaned

User can perform the cleanupOrphaned command. Apply this action to the cluster resource.

cpuProfiler

User can enable and use the CPU profiler. Apply this action to the cluster resource.

inprog

User can use the db.currentOp() method to return information on pending and active operations. Apply this action to the cluster resource.

Even without the inprog privilege, on mongod instances, users can view their own operations by running db.currentOp( { "$ownOps": true } ).

invalidateUserCache

Provides access to the invalidateUserCache command. Apply this action to the cluster resource.

killop

User can perform the db.killOp() method. Apply this action to the cluster resource.

Even without the killop privilege, on mongod instances, users can kill their own operations.

planCacheRead

User can run the following operations:

Apply this action to database or collection resources.

planCacheWrite

User can perform the planCacheClear command and the PlanCache.clear() and PlanCache.clearPlansByQuery() methods. Apply this action to database or collection resources.

Change Stream Actions

changeStream

A user with changeStream and find on a specific collection, all non-system collections in a specific database, or all non-system collections across all databases can open a change stream cursor for that resource.

Replication Actions

appendOplogNote

User can append notes to the oplog. Apply this action to the cluster resource.

replSetConfigure

User can configure a replica set. Apply this action to the cluster resource.

replSetGetConfig

User can view a replica set's configuration. Provides access to the replSetGetConfig command and rs.conf() helper method.

Apply this action to the cluster resource.

replSetGetStatus

User can perform the replSetGetStatus command. Apply this action to the cluster resource.

replSetHeartbeat

User can perform the deprecated replSetHeartbeat command. Apply this action to the cluster resource.

replSetStateChange

User can change the state of a replica set through the replSetFreeze, replSetMaintenance, replSetStepDown, and replSetSyncFrom commands. Apply this action to the cluster resource.

resync

User can perform the deprecated resync command. Apply this action to the cluster resource.

Sharding Actions

addShard

User can perform the addShard command. Apply this action to the cluster resource.

analyzeShardKey

User can perform the analyzeShardKey command. Apply this action to the database and collection resources.

Included in the clusterManager and enableSharding built-in roles.

checkMetadataConsistency

User can perform the checkMetadataConsistency command. Apply this action to cluster, database or collection resources.

New in version 7.0.

clearJumboFlag

Required to clear a chunk's jumbo flag using the clearJumboFlag command. Apply this action to database or collection resources.

Included in the clusterManager built-in role.

enableSharding

Note

Applicable Resources

The action can apply to either:

  • Database or collection resource to enable sharding for a database or shard a collection.
  • Cluster resource to perform various shard zone operations.

Resources | Description

Database or Collection

Grants users privileges to perform the following operations:

Cluster

Grants users privileges to perform the following shard zone operations:

You can also perform these shard zone operations if you have find/update actions on the appropriate collections in the config database. Refer to the specific operations for details.

refineCollectionShardKey

Provides privileges to refine the shard key for a sharded collection and run the refineCollectionShardKey command. Apply this action to database or collection resources.

Included in the clusterManager built-in role.

moveCollection

User can perform the moveCollection command. Apply this action to the cluster resource.

New in version 8.0.

reshardCollection

User can perform the reshardCollection command. Apply this action to database or collection resources.

New in version 5.0.

unshardCollection

User can perform the unshardCollection command. Apply this action to the cluster resource.

New in version 8.0.

flushRouterConfig

User can perform the flushRouterConfig command. Apply this action to the cluster resource.

getShardMap

User can perform the getShardMap command. Apply this action to the cluster resource.

listShards

User can perform the listShards command. Apply this action to the cluster resource.

moveChunk

User can perform the moveChunk and moveRange commands. In addition, user can perform the movePrimary command provided that the privilege is applied to an appropriate database resource. Apply this action to database or collection resources.

removeShard

User can perform the removeShard command. Apply this action to the cluster resource.

shardedDataDistribution

User can perform the $shardedDataDistribution aggregation pipeline stage.

New in version 6.0.3.

shardingState

User can perform the shardingState command. Apply this action to the cluster resource.

transitionFromDedicatedConfigServer

User with this action on the cluster resource can run the transitionFromDedicatedConfigServer command.

New in version 8.0.

transitionToDedicatedConfigServer

User with this action on the cluster resource can run the transitionToDedicatedConfigServer command.

New in version 8.0.

Server Administration Actions

applicationMessage

User can perform the logApplicationMessage command. Apply this action to the cluster resource.

bypassWriteBlockingMode

User can perform writes even when writes are blocked by the setUserWriteBlockMode command. Apply this action to the cluster resource.

bypassDefaultMaxTimeMS

All queries run by the user ignore the value of the defaultMaxTimeMS parameter.

New in version 8.0.

closeAllDatabases

User can perform the deprecated closeAllDatabases command. Apply this action to the cluster resource.

collMod

User can perform the collMod command. Apply this action to database or collection resources.

compact

User can perform the compact and autoCompact commands. Apply this action to database or collection resources.

compactStructuredEncryptionData

User can perform the compactStructuredEncryptionData command. Apply this action to database or collection resources.

connPoolSync

User can perform the internal connPoolSync command. Apply this action to the cluster resource.

convertToCapped

User can perform the convertToCapped command. Apply this action to database or collection resources.

dropConnections

User can perform the dropConnections command. Apply this action to the cluster resource.

dropDatabase

User can perform the dropDatabase command. Apply this action to database resources.

dropIndex

User can perform the dropIndexes command. Apply this action to database or collection resources.

forceUUID

User can create a collection with a user-defined collection UUID using the applyOps command.

Apply this action to the cluster resource.

fsync

User can perform the fsync command. Apply this action to the cluster resource.

getDefaultRWConcern

User can issue the administrative getDefaultRWConcern command. Apply this action to the cluster resource.

getParameter

User can perform the getParameter command. Apply this action to the cluster resource.

hostInfo

Provides information about the server the MongoDB instance runs on. Apply this action to the cluster resource.

oidReset

Required to reset the 5-byte random string that is used in the ObjectID.

logRotate

User can perform the logRotate command. Apply this action to the cluster resource.

reIndex

User can perform the reIndex command. Apply this action to database or collection resources.

renameCollectionSameDB

Allows the user to rename collections on the current database using the renameCollection command. Apply this action to database resources.

Additionally, the user must either have find on the source collection or not have find on the destination collection.

If a collection with the new name already exists, the user must also have the dropCollection action on the destination collection.

rotateCertificates

User can perform the rotateCertificates command. Apply this action to the cluster resource.

setDefaultRWConcern

User can issue the administrative setDefaultRWConcern command. Apply this action to the cluster resource.

setParameter

User can perform the setParameter command. Apply this action to the cluster resource.

setUserWriteBlockMode

User can perform the setUserWriteBlockMode command. Apply this action to the cluster resource.

shutdown

User can perform the shutdown command. Apply this action to the cluster resource.

touch

User can perform the deprecated touch command. Apply this action to the cluster resource.

Session Actions

impersonate

User can perform the killAllSessionsByPattern command with a users and roles pattern. Apply this action to the cluster resource.

To run the killAllSessionsByPattern command, users must also have killAnySession privileges on the cluster resource.

listSessions

User can perform the $listSessions operation or $listLocalSessions operation for all users or specified user(s). Apply this action to the cluster resource.

killAnySession

User can perform the killAllSessions and killAllSessionsByPattern commands. Apply this action to the cluster resource.

MongoDB Search Index Actions

The following actions enable users to run MongoDB Search Database Commands. These actions are only relevant for deployments hosted on MongoDB Atlas.

createSearchIndexes

User can run the createSearchIndexes database command. Apply this action to the database, collection, or view resource.

dropSearchIndex

User can run the dropSearchIndex database command. Apply this action to the database, collection, or view resource.

listSearchIndexes

User can run the $listSearchIndexes aggregation stage. Apply this action to the database, collection, or view resource.

updateSearchIndex

User can run the updateSearchIndex database command. Apply this action to the database, collection, or view resource.

Diagnostic Actions

collStats

User can perform the collStats command. Apply this action to database or collection resources.

connPoolStats

User can perform the connPoolStats command. Apply this action to the cluster resource.

dbHash

User can perform the dbHash command. Apply this action to database or collection resources.

dbStats

User can perform the dbStats command. Apply this action to database resources.

getCmdLineOpts

User can perform the getCmdLineOpts command. Apply this action to the cluster resource.

getLog

User can perform the getLog command. Apply this action to the cluster resource.

indexStats

User can run the $indexStats aggregation pipeline stage. Apply this action to database or collection resources.

To use the $indexStats stage, users must authenticate with at least the clusterMonitor role.

listClusterCatalog

User can run the $listClusterCatalog aggregation pipeline stage on the admin database. To run $listClusterCatalog on the admin database, users must authenticate with the clusterMonitor role.

listDatabases

User can perform the listDatabases command. Apply this action to the cluster resource.

If the user does not have the listDatabases privilege action, users can run the listDatabases command to return a list of databases for which the user has privileges (including databases for which the user has privileges on specific collections) if the command is run with authorizedDatabases option unspecified or set to true.

listCollections

User can perform the listCollections command. Apply this action to database resources.

Note

Users without the required privilege can run the listCollections command with both authorizedCollections and nameOnly options set to true. In this case, the command returns just the name and type of the collection(s) to which the user has privileges.

listIndexes

User can perform the listIndexes command. Apply this action to database or collection resources.

queryStatsRead

User can run the $queryStats aggregation stage without the transformIdentifiers option.

queryStatsReadTransformed

User can run the $queryStats aggregation stage with or without the transformIdentifiers option.

serverStatus

User can perform the serverStatus command. Apply this action to the cluster resource.

validate

User can perform the validate and validateDBMetadata commands. Apply this action to database or collection resources.

top

User can perform the top command. Apply this action to the cluster resource.

Internal Actions

anyAction

Allows any action on a resource. Do not assign this action unless it is absolutely necessary.

internal

Allows internal actions. Do not assign this action unless it is absolutely necessary.

applyOps

User can perform the applyOps command. Apply this action to a cluster resource.
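A review of custom roles can lean directly on this page: flag the two actions it says not to assign, flag user and role management actions, and flag actions attached to a resource type other than the one their entry names. The following is an added example, not MongoDB tooling. auditRole(), the AUTHZ_ADMIN grouping and the sample roles are constructed for illustration, with role documents shaped like rolesInfo output when showPrivileges is true.

```javascript
// The Internal Actions entries say not to assign these unless absolutely necessary.
const AVOID = new Set(["anyAction", "internal"]);

// Actions that change who can authenticate or which roles a user holds
// (grouping chosen for this example, using actions listed on this page).
const AUTHZ_ADMIN = new Set([
  "grantRole", "revokeRole", "createRole", "dropRole",
  "createUser", "dropUser", "changePassword",
]);

// Resource type each entry says to apply the action to (subset of the page).
const EXPECTED_SCOPE = new Map(Object.entries({
  useUUID: "cluster", applyOps: "cluster", setParameter: "cluster",
  shutdown: "cluster", replSetConfigure: "cluster",
  killAnySession: "cluster", impersonate: "cluster",
  grantRole: "database", revokeRole: "database", createRole: "database",
  dropRole: "database", createUser: "database", dropUser: "database",
  changePassword: "database", dropDatabase: "database",
}));

// Classify a resource document from a privilege.
function scopeOf(resource) {
  if (resource.anyResource) return "any";
  if (resource.cluster) return "cluster";
  return resource.collection === "" ? "database" : "collection";
}

// Return one finding per (action, reason) for a single role document.
function auditRole(role) {
  const findings = [];
  for (const { resource, actions } of role.privileges) {
    const scope = scopeOf(resource);
    for (const action of actions) {
      if (AVOID.has(action) || scope === "any") {
        findings.push({ role: role.role, action, kind: "unrestricted" });
      }
      if (AUTHZ_ADMIN.has(action)) {
        findings.push({ role: role.role, action, kind: "authz-admin" });
      }
      const expected = EXPECTED_SCOPE.get(action);
      if (expected && scope !== "any" && scope !== expected) {
        findings.push({ role: role.role, action, kind: `scope:${scope}!=${expected}` });
      }
    }
  }
  return findings;
}

// Constructed sample roles (not taken from a real deployment).
const SAMPLE_ROLES = [
  { role: "appReadWrite", db: "shop", privileges: [
    { resource: { db: "shop", collection: "orders" }, actions: ["find", "insert", "update"] },
  ] },
  { role: "helpdesk", db: "admin", privileges: [
    { resource: { db: "admin", collection: "" }, actions: ["changePassword", "grantRole"] },
    { resource: { db: "shop", collection: "" }, actions: ["killAnySession"] },
  ] },
  { role: "legacyOps", db: "admin", privileges: [
    { resource: { anyResource: true }, actions: ["anyAction"] },
  ] },
];

const auditAll = (roles) => roles.flatMap(auditRole);
console.log(auditAll(SAMPLE_ROLES));
```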