Docs Menu
Docs Home
/
MongoDB Manual
/
Reference
/
mongo Shell Methods
/
Role Management Methods

db.getRoles()

On this page

  • Definition
  • Required Access
  • Examples
  • Show Role Privileges and Built-In Roles
  • Show Authentication Restrictions

Definition

db.getRoles()

Returns information for all the roles in the database on which the command runs. The method can be run with or without an argument.

If run without an argument, db.getRoles() returns inheritance information for the database's user-defined roles.

To return more information, pass the db.getRoles() a document with the following fields:

Field
Type
Description
rolesInfo
integer
Set this field to 1 to retrieve all user-defined roles.
showAuthenticationRestrictions
boolean

Optional. Set this field to true to include authentication restrictions in the output. Authentication restrictions indicate the IP addresses that users with this role can connect to and from.

By default, this field is false, meaning that the db.getRoles() output does not include authentication restrictions.

showBuiltinRoles
boolean
Optional. Set this field to true to display built-in roles as well as user-defined roles.
showPrivileges
boolean
Optional. Set this field to true to show role privileges, including both privileges inherited from other roles and privileges defined directly. By default, the command returns only the roles from which this role inherits privileges and does not return specific privileges.

db.getRoles() wraps the rolesInfo command.

Required Access

To view a role's information, you must be either explicitly granted the role or must have the viewRole action on the role's database.

Examples

The examples in this section show how to use db.getRoles to:

Show Role Privileges and Built-In Roles

The following operation returns all the roles on the products database, including role privileges and built-in roles:

use products
db.getRoles(
    {
      rolesInfo: 1,
      showPrivileges: true,
      showBuiltinRoles: true
    }
)

Example output (shortened for readability):

{
  roles: [
    {
      role: 'dbOwner',
      db: 'products',
      isBuiltin: true,
      roles: [],
      inheritedRoles: [],
      privileges: [
        {
          resource: { db: 'products', collection: '' },
          actions: [
            'analyze',
            'bypassDocumentValidation',
            'changeCustomData',
            ...
          ]
        },
        {
          resource: { db: 'products', collection: 'system.profile' },
          actions: [
            'changeStream',
            'collStats',
            'convertToCapped',
            ...
          ]
        }
      ],
      inheritedPrivileges: [
        {
          resource: { db: 'products', collection: '' },
          actions: [
            'analyze',
            'bypassDocumentValidation',
            'changeCustomData',
            ...
          ]
        }
      ]
    },
    ...
  ]
}

Show Authentication Restrictions

The following operation returns role inheritance information and authentication restrictions for all user-defined roles on the product database:

use products
db.getRoles( { rolesInfo: 1, showAuthenticationRestrictions: true } )

Example output:

{
  roles: [
    {
      _id: 'products.associate',
      role: 'associate',
      db: 'products',
      roles: [ { role: 'readWrite', db: 'products' } ],
      authenticationRestrictions: [
        [ { clientSource: [ '198.51.100.0' ] } ]
      ],
      isBuiltin: false,
      inheritedRoles: [ { role: 'readWrite', db: 'products' } ],
      inheritedAuthenticationRestrictions: [
        [ { clientSource: [ '198.51.100.0' ] } ]
      ]
    }
  ],
  ok: 1
}

Back

db.getRole()

Next

db.grantPrivilegesToRole()