mongodb 内建角色与权限

整理了一下mongodb常用的几个内建角色，

role action	read (every)	readWrite (every)	dbAdmin (every)	userAdmin (every)	dbOwner (every)	backup (admin)	restore (admin)
changeCustomData				√	√
changePassword				√	√
createRole				√	√
createUser				√	√
dropRole				√	√
dropUser				√	√
grantRole				√	√
revokeRole				√	√
viewRole				√	√
viewUser				√	√
collStats	√	√	√		√
collMod			√		√		√
compact			√		√
convertToCapped		√	√		√
createCollection		√	√		√		√
createIndex		√	√		√		√
dbHash	√	√	√		√
dbStats	√	√	√		√
dropCollection		√	√		√		√
dropDatabase			√		√
dropIndex		√	√		√
emptycapped		√			√
enableProfiler			√		√
find	√	√			√		√
insert		√			√	√	√
indexStats			√		√
killCursors	√	√	√		√
reIndex			√		√
remove		√			√		√
renameCollectionSameDB		√	√		√
repairDatabase			√		√
storageDetails			√		√
update		√			√	√	√
validate			√		√

 

mongodb还有几个角色readAnyDatabase、readWriteAnyDatabase、userAdminAnyDatabase、dbAdminAnyDatabase，这几个角色和上面的read、readWrite、userAdmin、dbAdmin很相似，不同点是这四个角色是针对所有库的。例如拥有{ role: "read", db: "test" }，该用户只能对test库有读权限，但如果有{ role: "readAnyDatabase", db: "admin" }，则该用户对所有库都有读权限。

参考：

http://docs.mongodb.org/manual/reference/built-in-roles/