=========
rolesInfo
=========

.. default-domain:: mongodb

.. contents:: On this page
   :local:
   :backlinks: none
   :depth: 1
   :class: singlecol

Definition
----------

.. dbcommand:: rolesInfo

   Returns inheritance and privilege information for specified roles,
   including both :ref:`user-defined roles <user-defined-roles>` and
   :ref:`built-in roles <built-in-roles>`.

   The :dbcommand:`rolesInfo` command can also retrieve all roles
   scoped to a database.

   The command has the following fields:

   .. list-table::
      :header-rows: 1
      :widths: 20 20 80

      * - Field
        - Type
        - Description

      * - ``rolesInfo``
        - string, document, array, or integer
        - The role(s) to return information about. For the syntax for specifying
          roles, see :ref:`rolesinfo-behavior`.

      * - ``showPrivileges``
        - boolean
        - Optional. Set the field to ``true`` to show role privileges, including
          both privileges inherited from other roles and privileges defined
          directly. By default, the command returns only the roles from which
          this role inherits privileges and does not return specific privileges.

      * - ``showBuiltinRoles``
        - boolean
        - Optional. When the ``rolesInfo`` field is set to ``1``, set
          ``showBuiltinRoles`` to ``true`` to include :ref:`built-in roles
          <built-in-roles>` in the output. By default this field is set to
          ``false``, and the output for ``rolesInfo: 1`` displays only
          :ref:`user-defined roles <user-defined-roles>`.

.. _rolesinfo-behavior:

Behavior
--------

Return Information for a Single Role
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

To specify a role from the current database, specify the role by its name:

.. code-block:: javascript

   { rolesInfo: "<rolename>" }

To specify a role from another database, specify the role by a document that
specifies the role and database:

.. code-block:: javascript

   { rolesInfo: { role: "<rolename>", db: "<database>" } }

Return Information for Multiple Roles
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

To specify multiple roles, use an array. Specify each role in the array as a
document or string. Use a string only if the role exists on the database on
which the command runs:

.. code-block:: javascript

   {
      rolesInfo: [
         "<rolename>",
         { role: "<rolename>", db: "<database>" },
         ...
      ]
   }

Return Information for All Roles in the Database
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

To specify all roles in the database on which the command runs, specify
``rolesInfo: 1``. By default MongoDB displays all the :ref:`user-defined roles
<user-defined-roles>` in the database. To include :ref:`built-in roles
<built-in-roles>` as well, include the parameter-value pair
``showBuiltinRoles: true``:

.. code-block:: javascript

   { rolesInfo: 1, showBuiltinRoles: true }

Required Access
---------------

.. include:: /includes/access-roles-info.rst

.. _rolesinfo-output:

Output
------

.. data:: rolesInfo.role

   The name of the role.

.. data:: rolesInfo.db

   The database on which the role is defined. Every database has :ref:`built-in
   roles <built-in-roles>`. A database might also have :ref:`user-defined
   roles <user-defined-roles>`.

.. data:: rolesInfo.isBuiltin

   A value of ``true`` indicates the role is a :ref:`built-in role
   <built-in-roles>`. A value of ``false`` indicates the role is a
   :ref:`user-defined role <user-defined-roles>`.

.. data:: rolesInfo.roles

   The roles that directly provide privileges to this role and the databases
   on which the roles are defined.

.. data:: rolesInfo.inheritedRoles

   All roles from which this role inherits privileges. This includes the roles
   in the :data:`rolesInfo.roles` array as well as the roles from which the
   roles in the :data:`rolesInfo.roles` array inherit privileges. All
   privileges apply to the current role. The documents in this field list the
   roles and the databases on which they are defined.

.. data:: rolesInfo.privileges

   The privileges directly specified by this role; i.e. the array
   excludes privileges inherited from other roles. By default the
   output does not include the :data:`~rolesInfo.privileges` field. To
   include the field, specify ``showPrivileges: true`` when running the
   :dbcommand:`rolesInfo` command.

   Each privilege document specifies the :ref:`resources
   <resource-document>` and the :doc:`actions
   </reference/privilege-actions>` allowed on the resources.

.. data:: rolesInfo.inheritedPrivileges

   All privileges granted by this role, including those inherited from
   other roles. By default the output does not include the
   :data:`~rolesInfo.inheritedPrivileges` field. To include the field,
   specify ``showPrivileges: true`` when running the
   :dbcommand:`rolesInfo` command.

   Each privilege document specifies the :ref:`resources
   <resource-document>` and the :doc:`actions
   </reference/privilege-actions>` allowed on the resources.

Examples
--------

View Information for a Single Role
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The following command returns the role inheritance information for the
role ``associate`` defined in the ``products`` database:

.. code-block:: javascript

   db.runCommand(
      {
         rolesInfo: { role: "associate", db: "products" }
      }
   )

The following command returns the role inheritance information for the role
``siteManager`` on the database on which the command runs:

.. code-block:: javascript

   db.runCommand(
      {
         rolesInfo: "siteManager"
      }
   )

The following command returns *both* the role inheritance and the privileges
for the role ``associate`` defined on the ``products`` database:

.. code-block:: javascript

   db.runCommand(
      {
         rolesInfo: { role: "associate", db: "products" },
         showPrivileges: true
      }
   )

View Information for Several Roles
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The following command returns information for two roles on two different
databases:

.. code-block:: javascript

   db.runCommand(
      {
         rolesInfo: [
            { role: "associate", db: "products" },
            { role: "manager", db: "resources" }
         ]
      }
   )

The following returns *both* the role inheritance and the privileges:

.. code-block:: javascript

   db.runCommand(
      {
         rolesInfo: [
            { role: "associate", db: "products" },
            { role: "manager", db: "resources" }
         ],
         showPrivileges: true
      }
   )

View All User-Defined Roles for a Database
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The following operation returns all :ref:`user-defined roles
<user-defined-roles>` on the database on which the command runs and includes
privileges:

.. code-block:: javascript

   db.runCommand(
      {
         rolesInfo: 1,
         showPrivileges: true
      }
   )

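The reply to a ``showPrivileges: true`` call separates direct fields (``roles``, ``privileges``) from cumulative ones (``inheritedRoles``, ``inheritedPrivileges``), which makes it possible to list what a user-defined role holds only through inheritance. The following JavaScript is an added example, not part of the MongoDB documentation or code; it assumes the reply wraps the role documents in a top-level ``roles`` array, and the sample reply, the role names ``catalogReader`` and ``auditViewer``, and the ``orders`` collection are constructed for illustration.

```javascript
// Added example, not MongoDB's code. SAMPLE_REPLY is constructed; names are hypothetical.
const SAMPLE_REPLY = {
  roles: [{
    role: "associate", db: "products", isBuiltin: false,
    roles: [{ role: "catalogReader", db: "products" }],
    inheritedRoles: [
      { role: "catalogReader", db: "products" },
      { role: "auditViewer", db: "resources" } // reached through catalogReader
    ],
    privileges: [{ resource: { db: "products", collection: "orders" }, actions: ["insert"] }],
    inheritedPrivileges: [
      { resource: { db: "products", collection: "orders" }, actions: ["insert", "find"] },
      { resource: { db: "resources", collection: "" }, actions: ["find"] }
    ]
  }],
  ok: 1
};

// Canonical key for a resource document; an empty db or collection is shown as "*".
function resourceKey(r) {
  if (typeof r.collection !== "string") return JSON.stringify(r); // e.g. { cluster: true }
  return `${r.db || "*"}.${r.collection || "*"}`;
}

// Expand privilege documents into a set of "resource:action" grants.
function grants(privs) {
  const out = new Set();
  for (const p of privs) for (const a of p.actions) out.add(`${resourceKey(p.resource)}:${a}`);
  return out;
}

const roleId = (r) => `${r.role}@${r.db}`;
// Report the roles and grants a role holds only through inheritance.
function auditRole(doc) {
  const direct = new Set(doc.roles.map(roleId));
  const shown = Array.isArray(doc.privileges) && Array.isArray(doc.inheritedPrivileges);
  const own = shown ? grants(doc.privileges) : new Set();
  return {
    role: roleId(doc),
    indirectRoles: doc.inheritedRoles.map(roleId).filter((id) => !direct.has(id)).sort(),
    privilegesShown: shown, // false when the reply was produced without showPrivileges: true
    inheritedOnly: shown ? [...grants(doc.inheritedPrivileges)].filter((g) => !own.has(g)).sort() : []
  };
}

// Audit only the user-defined roles in a reply.
const auditReply = (reply) => reply.roles.filter((r) => !r.isBuiltin).map(auditRole);

console.log(JSON.stringify(auditReply(SAMPLE_REPLY), null, 2));
```

A report with ``privilegesShown: false`` means the privilege fields were absent from the reply, so an empty ``inheritedOnly`` list in that case says nothing about the role's actual grants.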

View All User-Defined and Built-In Roles for a Database
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The following operation returns all roles on the database on which the command
runs, including both built-in and user-defined roles:

.. code-block:: javascript

   db.runCommand(
      {
         rolesInfo: 1,
         showBuiltinRoles: true
      }
   )