.. _resource-document:

=================
Resource Document
=================

.. default-domain:: mongodb

.. contents:: On this page
   :local:
   :backlinks: none
   :depth: 1
   :class: singlecol

The resource document specifies the resources upon which a
privilege permits ``actions``.

Database and/or Collection Resource
-----------------------------------

To specify databases and/or collections, use the following syntax:

.. code-block:: javascript

   { db: <database>, collection: <collection> }

.. _resource-specific-db-collection:

Specify a Collection of a Database as Resource
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If the resource document specifies both the ``db`` and ``collection``
fields as non-empty strings, the resource is the specified
collection in the specified database. For example, the following
document specifies a resource of the ``inventory`` collection in the
``products`` database:

.. code-block:: javascript

   { db: "products", collection: "inventory" }

.. include:: /includes/resource-document-facts.rst
   :end-before: admin-resources

.. _resource-specific-db:

Specify a Database as Resource
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If only the ``collection`` field is an empty string (``""``), the
resource is the specified database, excluding the :doc:`system
collections </reference/system-collections>`. For example, the
following resource document specifies the resource of the ``test``
database, excluding the system collections:

.. code-block:: javascript

   { db: "test", collection: "" }

.. include:: /includes/resource-document-facts.rst
   :end-before: admin-resources

.. note:: When you specify a database as the resource, the system
   collections are excluded, unless you name them explicitly, as in the
   following:

   .. code-block:: javascript

      { db: "test", collection: "system.namespaces" }

   System collections include but are not limited to the following:

   - :data:`<database>.system.profile`
   - :data:`<database>.system.namespaces`
   - :data:`<database>.system.indexes`
   - :data:`<database>.system.js`
   - :data:`local.system.replset`
   - :doc:`/reference/system-users-collection` in the ``admin`` database
   - :doc:`/reference/system-roles-collection` in the ``admin`` database

.. _resource-specific-collection:

Specify Collections Across Databases as Resource
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If only the ``db`` field is an empty string (``""``), the resource is
all collections with the specified name across all databases. For
example, the following document specifies the resource of all
the ``accounts`` collections across all the databases:

.. code-block:: javascript

   { db: "", collection: "accounts" }

.. include:: /includes/resource-document-facts.rst
   :start-after: admin-resources

.. _resource-all-but-system-collections:

Specify All Non-System Collections in All Databases
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If both the ``db`` and ``collection`` fields are empty strings
(``""``), the resource is all collections, excluding the :doc:`system
collections </reference/system-collections>`, in all the databases:

.. code-block:: javascript

   { db: "", collection: "" }

.. include:: /includes/resource-document-facts.rst
   :start-after: admin-resources

.. _resource-cluster:

Cluster Resource
----------------

To specify the cluster as the resource, use the following syntax:

.. code-block:: javascript

   { cluster : true }

Use the ``cluster`` resource for actions that affect the state of the
system rather than act on a specific set of databases or collections.
Examples of such actions are ``shutdown``, ``replSetReconfig``, and
``addShard``. For example, the following document grants the action
``shutdown`` on the ``cluster``:

.. code-block:: javascript

   { resource: { cluster : true }, actions: [ "shutdown" ] }

.. include:: /includes/resource-document-facts.rst
   :start-after: admin-resources

.. _resource-anyresource:
.. _anyResource:

``anyResource``
---------------

The internal resource ``anyResource`` gives access to every resource in
the system and is intended for internal use. **Do not** use this resource,
other than in exceptional circumstances. The syntax for this resource is
``{ anyResource: true }``.
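
The matching rules described on this page can be written as a small role-audit helper. This is an added example, not MongoDB's own code; ``resourceKind``, ``coversNamespace``, ``auditRole`` and the sample role are hypothetical names, and the ``system.`` prefix test for system collections is an assumption.

```javascript
// Added example, not MongoDB's code. Assumption: a collection whose name starts
// with "system." is a system collection (the page's list is not exhaustive).
const isSystemCollection = (name) => name.startsWith("system.");

// Classify a resource document into one of the forms described on this page.
function resourceKind(resource) {
  if (resource.anyResource === true) return "anyResource";
  if (resource.cluster === true) return "cluster";
  if (typeof resource.db !== "string" || typeof resource.collection !== "string") {
    throw new TypeError("expected { db, collection }, { cluster: true } or { anyResource: true }");
  }
  if (resource.db && resource.collection) return "collection";
  if (resource.db) return "database";
  if (resource.collection) return "collectionAcrossDatabases";
  return "allNonSystemCollections";
}

// Does the resource document cover the namespace { db, collection }?
function coversNamespace(resource, ns) {
  switch (resourceKind(resource)) {
    case "anyResource": return true;  // every resource in the system
    case "cluster": return false;     // cluster actions do not target a namespace
    case "collection":                // exact match, so a named system collection counts
      return resource.db === ns.db && resource.collection === ns.collection;
    case "database":                  // whole database minus system collections
      return resource.db === ns.db && !isSystemCollection(ns.collection);
    case "collectionAcrossDatabases": // same collection name in any database
      return resource.collection === ns.collection;
    default:                          // { db: "", collection: "" }
      return !isSystemCollection(ns.collection);
  }
}

// Audit helper: privileges of a role that reach a namespace; anyResource is flagged for review.
function auditRole(role, ns) {
  return role.privileges
    .filter((p) => coversNamespace(p.resource, ns))
    .map((p) => ({ kind: resourceKind(p.resource), actions: p.actions,
                   reviewAnyResource: resourceKind(p.resource) === "anyResource" }));
}

// Constructed sample role for illustration.
const sampleRole = { role: "reportingExample", privileges: [
  { resource: { db: "products", collection: "inventory" }, actions: ["find"] },
  { resource: { db: "test", collection: "" }, actions: ["find", "insert"] },
  { resource: { db: "", collection: "accounts" }, actions: ["find"] },
  { resource: { cluster: true }, actions: ["shutdown"] },
] };
console.log(auditRole(sampleRole, { db: "test", collection: "accounts" }));
```

Running the helper over the output of a role listing shows which privileges reach a sensitive namespace through the empty-string wildcard forms rather than an explicit grant.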