New in version 2.6.

On this page

• Query and Write Actions
• Database Management Actions
• Deployment Management Actions
• Change Stream Actions
• Replication Actions
• Sharding Actions
• Server Administration Actions
• Session Actions
• Diagnostic Actions
• Internal Actions

Query and Write Actions

find

User can perform the following commands, and their equivalent helper methods:

• aggregate for all pipeline operations except $collStats, $out, and $indexStats.
• checkShardingIndex
• count
• dataSize
• distinct
• filemd5
• find
• geoNear
• geoSearch
• getLastError
• getMore
• getPrevError
• group
• killCursors, provided that the cursor is associated with a currently authenticated user.
• listCollections
• listIndexes
• mapReduce with the {out: inline} option.
• parallelCollectionScan
• resetError

Required for the query portion of the mapReduce command and db.collection.mapReduce helper method when outputting to a collection.

Required for the query portion of the findAndModify command and db.collection.findAndModify helper method.

Required on the source collection for the cloneCollectionAsCapped and renameCollection commands and the db.collection.renameCollection() helper method.

Apply this action to database or collection resources.

insert

User can perform the following commands and their equivalent methods:

• insert
• create

Required for the output portion of the mapReduce command and db.collection.mapReduce() helper method when outputting to a collection.

Required for the aggregate command and db.collection.aggregate() helper method when using the $out pipeline operator.

Required for the update and findAndModify commands and equivalent helper methods when used with the upsert option.

Required on the destination collection for the following commands and their helper methods:

• clone
• cloneCollection
• cloneCollectionAsCapped
• copydb
• renameCollection

Apply this action to database or collection resources.

remove

User can perform the delete command and equivalent helper method.

Required for the write portion of the findAndModify command and db.collection.findAndModify() method.

Required for the mapReduce command and db.collection.mapReduce() helper method when you specify the replace action when outputting to a collection.

Required for the aggregate command and db.collection.aggregate() helper method when using the $out pipeline operator.

Apply this action to database or collection resources.

update

User can perform the update command and equivalent helper methods.

Required for the mapReduce command and db.collection.mapReduce() helper method when outputting to a collection without specifying the replace action.

Required for the findAndModify command and db.collection.findAndModify() helper method.

Apply this action to database or collection resources.

bypassDocumentValidation

New in version 3.2.

Users can bypass document validation on commands and methods that support the bypassDocumentValidation option:

Command	Method
aggregate	db.collection.aggregate()
applyOps
cloneCollection on the destination collection
clone on the destination
copydb on the destination
findAndModify	db.collection.findAndModify()
insert
mapReduce	db.collection.mapReduce()
update

Apply this action to database or collection resources.

useUUID

New in version 3.6.

User can execute the following commands using a UUID as if it were a namespace:

• find
• listIndexes
• parallelCollectionScan

For example, this privilege authorizes a user to run the following command which executes a find command on a collection with the given UUID. In order to be successful, this operation also requires that the user is authorized to execute the find command on the collection namespace corresponding to the given UUID.

copy

db.runCommand({find: UUID("123e4567-e89b-12d3-a456-426655440000")})

For more information on collection UUIDs, see Collections.

Apply this action to the cluster resource.

Database Management Actions

changeCustomData

User can change the custom information of any user in the given database. Apply this action to database resources.

changeOwnCustomData

Users can change their own custom information. Apply this action to database resources. See also Change Your Password and Custom Data.

changeOwnPassword

Users can change their own passwords. Apply this action to database resources. See also Change Your Password and Custom Data.

changePassword

User can change the password of any user in the given database. Apply this action to database resources.

createCollection

User can perform the db.createCollection() method. Apply this action to database or collection resources.

createIndex

Provides access to the db.collection.createIndex() method and the createIndexes command. Apply this action to database or collection resources.

createRole

User can create new roles in the given database. Apply this action to database resources.

createUser

User can create new users in the given database. Apply this action to database resources.

dropCollection

User can perform the db.collection.drop() method. Apply this action to database or collection resources.

dropRole

User can delete any role from the given database. Apply this action to database resources.

dropUser

User can remove any user from the given database. Apply this action to database resources.

enableProfiler

User can perform the db.setProfilingLevel() method. Apply this action to database resources.

grantRole

User can grant any role in the database to any user from any database in the system. Apply this action to database resources.

killCursors