rolesInfo¶

On this page

Definition
Behavior
Required Access
Output
Examples

Definition¶

rolesInfo¶

Returns inheritance and privilege information for specified roles, including both user-defined roles and built-in roles.

The rolesInfo command can also retrieve all roles scoped to a database.

To match a single role on the database, use the following form:

copy

{
  rolesInfo: { role: <name>, db: <db> },
  showPrivileges: <Boolean>,
  showBuiltinRoles: <Boolean>
}

rolesInfo has the following fields:

Field	Type	Description
`rolesInfo`	string, document, array, or integer	The role(s) to return information about. For the syntax for specifying roles, see Behavior.
`showPrivileges`	boolean	Optional. Set the field to `true` to show role privileges, including both privileges inherited from other roles and privileges defined directly. By default, the command returns only the roles from which this role inherits privileges and does not return specific privileges.
`showBuiltinRoles`	boolean	Optional. When the `rolesInfo` field is set to `1`, set `showBuiltinRoles` to `true` to include built-in roles in the output. By default this field is set to `false`, and the output for `rolesInfo: 1` displays only user-defined roles.

Behavior¶

Return Information for a Single Role¶

To specify a role from the current database, specify the role by its name:

copy

{ rolesInfo: "<rolename>" }

To specify a role from another database, specify the role by a document that specifies the role and database:

copy

{ rolesInfo: { role: "<rolename>", db: "<database>" } }

Return Information for Multiple Roles¶

To specify multiple roles, use an array. Specify each role in the array as a document or string. Use a string only if the role exists on the database on which the command runs:

copy

{
  rolesInfo: [
     "<rolename>",
     { role: "<rolename>", db: "<database>" },
     ...
  ]
}

Return Information for All Roles in the Database¶

To specify all roles in the database on which the command runs, specify rolesInfo: 1. By default MongoDB displays all the user-defined roles in the database. To include built-in roles as well, include the parameter-value pair showBuiltinRoles: true:

copy

{ rolesInfo: 1, showBuiltinRoles: true }

Required Access¶

To view a role’s information, you must be either explicitly granted the role or must have the viewRole action on the role’s database.

Output¶

rolesInfo.role¶: The name of the role.

rolesInfo.db¶: The database on which the role is defined. Every database has built-in roles. A database might also have user-defined roles.

rolesInfo.isBuiltin¶: A value of true indicates the role is a built-in role. A value of false indicates the role is a user-defined role.

rolesInfo.roles¶: The roles that directly provide privileges to this role and the databases on which the roles are defined.

rolesInfo.inheritedRoles¶: All roles from which this role inherits privileges. This includes the roles in the rolesInfo.roles array as well as the roles from which the roles in the rolesInfo.roles array inherit privileges. All privileges apply to the current role. The documents in this field list the roles and the databases on which they are defined.

rolesInfo.privileges¶

The privileges directly specified by this role; i.e. the array excludes privileges inherited from other roles. By default the output does not include the privileges field. To include the field, specify showPrivileges: true when running the rolesInfo command.

Each privilege document specifies the resources and the actions allowed on the resources.

rolesInfo.inheritedPrivileges¶

All privileges granted by this role, including those inherited from other roles. By default the output does not include the inheritedPrivileges field. To include the field, specify showPrivileges: true when running the rolesInfo command.

Each privilege document specifies the resources and the actions allowed on the resources.

Examples¶

View Information for a Single Role¶

The following command returns the role inheritance information for the role associate defined in the products database:

copy

db.runCommand(
    {
      rolesInfo: { role: "associate", db: "products" }
    }
)

The following command returns the role inheritance information for the role siteManager on the database on which the command runs:

copy

db.runCommand(
    {
      rolesInfo: "siteManager"
    }
)

The following command returns both the role inheritance and the privileges for the role associate defined on the products database:

copy

db.runCommand(
    {
      rolesInfo: { role: "associate", db: "products" },
      showPrivileges: true
    }
)

View Information for Several Roles¶

The following command returns information for two roles on two different databases:

copy

db.runCommand(
    {
      rolesInfo: [
         { role: "associate", db: "products" },
         { role: "manager", db: "resources" }
      ]
    }
)

The following returns both the role inheritance and the privileges:

copy

db.runCommand(
    {
      rolesInfo: [
         { role: "associate", db: "products" },
         { role: "manager", db: "resources" }
      ],
      showPrivileges: true
    }
)

View All User-Defined Roles for a Database¶

The following operation returns all user-defined roles on the database on which the command runs and includes privileges:

copy

db.runCommand(
    {
      rolesInfo: 1,
      showPrivileges: true
    }
)

View All User-Defined and Built-In Roles for a Database¶

The following operation returns all roles on the database on which the command runs, including both built-in and user-defined roles:

copy

db.runCommand(
    {
      rolesInfo: 1,
      showBuiltinRoles: true
    }
)

← revokeRolesFromRole updateRole →