User-Defined Roles

New in version 2.6.

MongoDB provides a number of built-in roles. However, if these roles cannot describe the desired set of privileges, you can create new roles.

Role Management Interface

To add a role, MongoDB provides the db.createRole() method. MongoDB also provides methods to update existing user-defined roles. For a full list of role management methods, see Role Management.

Scope

When adding a role, you create the role in a specific database. MongoDB uses the combination of the database and the role name to uniquely define a role.

Except for roles created in the admin database, a role can only include privileges that apply to its database and can only inherit from other roles in its database.

A role created in the admin database can include privileges that apply to the admin database, other databases, or to the cluster resource, and can inherit from roles in other databases as well as the admin database.
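
The scope rules above can be checked against a role document before it is passed to db.createRole(). The following is an added example, not code from the MongoDB documentation; the function name checkRoleScope and the sample databases and role are constructed for illustration.

```javascript
// Returns a list of scope violations for a role document that would be
// created in the database `dbName`. An empty list means the document
// respects the scope rules described above.
function checkRoleScope(dbName, roleDoc) {
  const violations = [];
  // Roles created in admin may span other databases and the cluster resource.
  if (dbName === "admin") return violations;

  for (const priv of roleDoc.privileges || []) {
    const res = priv.resource || {};
    if (res.cluster === true) {
      violations.push("cluster resource is only allowed in roles created in admin");
    } else if (res.db !== dbName) {
      violations.push(`privilege targets database "${res.db}", not "${dbName}"`);
    }
  }
  for (const inherited of roleDoc.roles || []) {
    // A bare string names a role in the same database as the new role.
    const isString = typeof inherited === "string";
    const fromDb = isString ? dbName : inherited.db;
    if (fromDb !== dbName) {
      violations.push(
        `inherits role "${inherited.role}" from database "${fromDb}", not "${dbName}"`
      );
    }
  }
  return violations;
}

// Constructed sample: a role intended for the "inventory" database that
// also reaches into "sales" and the cluster resource.
const stockReader = {
  role: "stockReader",
  privileges: [
    { resource: { db: "inventory", collection: "stock" }, actions: ["find"] },
    { resource: { db: "sales", collection: "orders" }, actions: ["find"] },
    { resource: { cluster: true }, actions: ["serverStatus"] },
  ],
  roles: ["read", { role: "read", db: "sales" }],
};

console.log(checkRoleScope("inventory", stockReader));
console.log(checkRoleScope("admin", stockReader));
```

The same document passes the scope check when the target database is admin, which is why roles that need cross-database or cluster privileges are created there.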

Centralized Role Data

MongoDB stores all role information in the system.roles collection in the admin database.

Do not access this collection directly but instead use the role management commands to view and edit custom roles.