@@ -7,12 +7,14 @@ rolesInfo
7
7
.. contents:: On this page
8
8
:local:
9
9
:backlinks: none
10
- :depth: 1
10
+ :depth: 2
11
11
:class: singlecol
12
12
13
13
Definition
14
14
----------
15
15
16
+ .. |getRoleMethod| replace:: ``rolesInfo``
17
+
16
18
.. dbcommand:: rolesInfo
17
19
18
20
Returns inheritance and privilege information for specified roles,
@@ -28,63 +30,54 @@ Definition
28
30
29
31
{
30
32
rolesInfo: { role: <name>, db: <db> },
31
- showPrivileges : <Boolean>,
33
+ showAuthenticationRestrictions : <Boolean>,
32
34
showBuiltinRoles: <Boolean>,
35
+ showPrivileges: <Boolean>,
33
36
comment: <any>
34
37
}
35
38
36
39
:dbcommand:`rolesInfo` has the following fields:
37
40
38
41
39
- .. list-table::
40
- :header-rows: 1
41
- :widths: 20 20 80
42
-
43
- * - Field
44
-
45
- - Type
46
-
47
- - Description
48
-
49
- * - ``rolesInfo``
50
-
51
- - string, document, array, or integer
52
-
53
- - The role(s) to return information about. For the syntax for specifying
54
- roles, see :ref:`rolesinfo-behavior`.
55
-
56
-
42
+ .. list-table::
43
+ :header-rows: 1
44
+ :widths: 20 20 80
45
+
46
+ * - Field
47
+ - Type
48
+ - Description
49
+
50
+ * - ``rolesInfo``
51
+ - string, document, array, or integer
52
+ - The role(s) to return information about. For the syntax for specifying
53
+ roles, see :ref:`rolesinfo-behavior`.
57
54
58
- * - ``showPrivileges``
59
-
60
- - boolean
61
-
62
- - Optional. Set the field to ``true`` to show role privileges, including both privileges
63
- inherited from other roles and privileges defined directly. By default, the
64
- command returns only the roles from which this role inherits privileges and
65
- does not return specific privileges.
66
-
67
-
68
-
69
- * - ``showBuiltinRoles``
70
-
71
- - boolean
72
-
73
- - Optional. When the ``rolesInfo`` field is set to ``1``, set ``showBuiltinRoles`` to
74
- ``true`` to include :ref:`built-in roles <built-in-roles>` in the output.
75
- By default this field is set to ``false``, and the output for ``rolesInfo:
76
- 1`` displays only :ref:`user-defined roles <user-defined-roles>`.
77
-
78
-
79
-
80
- * - ``comment``
81
-
82
- - any
83
-
84
- - .. include:: /includes/extracts/comment-content.rst
55
+ * - ``showAuthenticationRestrictions``
56
+ - boolean
57
+ - .. include:: /includes/fact-show-auth-restrictions-description.rst
58
+
59
+ * - ``showBuiltinRoles``
60
+ - boolean
61
+ - Optional. When the ``rolesInfo`` field is set to ``1``, set
62
+ ``showBuiltinRoles`` to ``true`` to include :ref:`built-in roles
63
+ <built-in-roles>` in the output. By default, this field is set to
64
+ ``false``, and the output for ``rolesInfo: 1`` displays only
65
+ :ref:`user-defined roles <user-defined-roles>`.
85
66
86
- .. versionadded:: 4.4
87
-
67
+ * - ``showPrivileges``
68
+ - boolean
69
+ - Optional. Set the field to ``true`` to show role privileges,
70
+ including both privileges inherited from other roles and
71
+ privileges defined directly. By default, the command returns only
72
+ the roles from which this role inherits privileges and does not
73
+ return specific privileges.
74
+
75
+ * - ``comment``
76
+ - any
77
+ - .. include:: /includes/extracts/comment-content.rst
78
+
79
+ .. versionadded:: 4.4
80
+
88
81
.. _rolesinfo-behavior:
89
82
90
83
Behavior
@@ -202,6 +195,21 @@ Output
202
195
Examples
203
196
--------
204
197
198
+ The examples in this section show how to use the ``rolesInfo`` command
199
+ to:
200
+
201
+ - :ref:`rolesInfo-example-single-role`
202
+
203
+ - :ref:`rolesInfo-example-multiple-roles`
204
+
205
+ - :ref:`rolesInfo-example-user-defined-roles`
206
+
207
+ - :ref:`rolesInfo-example-user-defined-and-built-in-roles`
208
+
209
+ - :ref:`rolesInfo-example-auth-restrictions`
210
+
211
+ .. _rolesInfo-example-single-role:
212
+
205
213
View Information for a Single Role
206
214
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
207
215
@@ -239,8 +247,10 @@ for the role ``associate`` defined on the ``products`` database:
239
247
}
240
248
)
241
249
242
- View Information for Several Roles
243
- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
250
+ .. _rolesInfo-example-multiple-roles:
251
+
252
+ View Information for Multiple Roles
253
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
244
254
245
255
The following command returns information for two roles on two different
246
256
databases:
@@ -270,6 +280,8 @@ The following returns *both* the role inheritance and the privileges:
270
280
}
271
281
)
272
282
283
+ .. _rolesInfo-example-user-defined-roles:
284
+
273
285
View All User-Defined Roles for a Database
274
286
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
275
287
@@ -286,6 +298,49 @@ privileges:
286
298
}
287
299
)
288
300
301
+ Example output (shortened for readability):
302
+
303
+ .. code-block:: javascript
304
+ :copyable: false
305
+
306
+ {
307
+ roles: [
308
+ {
309
+ _id: 'products.associate',
310
+ role: 'associate',
311
+ db: 'products',
312
+ privileges: [
313
+ {
314
+ resource: { db: 'products', collection: '' },
315
+ actions: [ 'bypassDocumentValidation' ]
316
+ }
317
+ ],
318
+ roles: [ { role: 'readWrite', db: 'products' } ],
319
+ isBuiltin: false,
320
+ inheritedRoles: [ { role: 'readWrite', db: 'products' } ],
321
+ inheritedPrivileges: [
322
+ {
323
+ resource: { db: 'products', collection: '' },
324
+ actions: [ 'bypassDocumentValidation' ]
325
+ },
326
+ {
327
+ resource: { db: 'products', collection: '' },
328
+ actions: [
329
+ 'changeStream',
330
+ 'collStats',
331
+ 'compactStructuredEncryptionData',
332
+ ...
333
+ ]
334
+ },
335
+ ...
336
+ ]
337
+ }
338
+ ],
339
+ ok: 1
340
+ }
341
+
342
+ .. _rolesInfo-example-user-defined-and-built-in-roles:
343
+
289
344
View All User-Defined and Built-In Roles for a Database
290
345
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
291
346
@@ -300,3 +355,78 @@ runs, including both built-in and user-defined roles:
300
355
showBuiltinRoles: true
301
356
}
302
357
)
358
+
359
+ Example output (shortened for readability):
360
+
361
+ .. code-block:: javascript
362
+ :copyable: false
363
+
364
+ {
365
+ roles: [
366
+ {
367
+ role: 'enableSharding',
368
+ db: 'products',
369
+ isBuiltin: true,
370
+ roles: [],
371
+ inheritedRoles: []
372
+ },
373
+ {
374
+ role: 'userAdmin',
375
+ db: 'products',
376
+ isBuiltin: true,
377
+ roles: [],
378
+ inheritedRoles: []
379
+ },
380
+ {
381
+ role: 'read',
382
+ db: 'products',
383
+ isBuiltin: true,
384
+ roles: [],
385
+ inheritedRoles: []
386
+ },
387
+ ...
388
+ ],
389
+ ok: 1
390
+ }
391
+
392
+ .. _rolesInfo-example-auth-restrictions:
393
+
394
+ View Authentication Restrictions for Roles
395
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
396
+
397
+ The following operation returns all user-defined roles on the
398
+ ``products`` database and includes authentication restrictions:
399
+
400
+ .. code-block:: javascript
401
+
402
+ db.runCommand(
403
+ {
404
+ rolesInfo: 1,
405
+ showAuthenticationRestrictions: true
406
+ }
407
+ )
408
+
409
+ Example output:
410
+
411
+ .. code-block:: javascript
412
+ :copyable: false
413
+
414
+ {
415
+ roles: [
416
+ {
417
+ _id: 'products.associate',
418
+ role: 'associate',
419
+ db: 'products',
420
+ roles: [ { role: 'readWrite', db: 'products' } ],
421
+ authenticationRestrictions: [
422
+ [ { clientSource: [ '198.51.100.0' ] } ]
423
+ ],
424
+ isBuiltin: false,
425
+ inheritedRoles: [ { role: 'readWrite', db: 'products' } ],
426
+ inheritedAuthenticationRestrictions: [
427
+ [ { clientSource: [ '198.51.100.0' ] } ]
428
+ ]
429
+ }
430
+ ],
431
+ ok: 1
432
+ }
0 commit comments