  1. Core Server
  2. SERVER-11331

auth error with createRole command

    • Type: Bug
    • Resolution: Done
    • Priority: Major - P3
    • 2.5.4
    • Affects Version/s: 2.5.3
    • Component/s: Security
    • Labels:
    • Environment:
      mac
    • ALL

      createRole (for empty user-defined roles) can be run by any user, and can also be run when not logged in at all.

      > db.runCommand({ createRole: "sam", privileges: [], roles: [] })
      { "ok" : 1 }

      When the role we are trying to create contains any linked roles or privileges, the command fails with an auth error:

      > db.runCommand({ createRole: "dave", privileges: [], roles: [ "sam" ] })
      {
        "ok" : 0,
        "errmsg" : "not authorized on test to execute command { createRole: \"dave\", privileges: [], roles: [ \"sam\" ] }",
        "code" : 13
      }

      > db.runCommand({ createRole: "amalia", privileges: [], roles: [ "read" ] })
      {
        "ok" : 0,
        "errmsg" : "not authorized on test to execute command { createRole: \"amalia\", privileges: [], roles: [ \"read\" ] }",
        "code" : 13
      }

      > var priv = { resource: { db: "test", collection: "" }, actions: [ "find" ] }
      > db.runCommand({ createRole: "jeremy", privileges: [ priv ], roles: [] })
      {
        "ok" : 0,
        "errmsg" : "not authorized on test to execute command { createRole: \"jeremy\", privileges: [ { resource: { db: \"test\", collection: \"\" }, actions: [ \"find\" ] } ], roles: [] }",
        "code" : 13
      }

            Assignee:
            spencer@mongodb.com Spencer Brody (Inactive)
            Reporter:
            samantha.ritter@mongodb.com Samantha Ritter (Inactive)
            Votes:
            0
            Watchers:
            4

              Created:
              Updated:
              Resolved:
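
The behaviour reported above, reproduced in a toy authorization gate beside a hardened form; this is an added example, not MongoDB's code or part of the original report. It assumes (the page does not state the cause) that the flawed gate checked only per-item grant rights, so empty `privileges` and `roles` arrays pass vacuously; every function and session name below is hypothetical.

```javascript
// Added illustration: a toy authorization gate, not MongoDB source code.
// Assumption (not stated on the page): the flawed gate only checks the
// caller's right to grant each listed role and privilege action.

// A session holds "action@db" strings; an unauthenticated session holds none.
const can = (session, action, db) => session.actions.has(`${action}@${db}`);

// Flawed form: every() over an empty array is true, so a command with
// privileges: [] and roles: [] is never checked against anything.
function checkCreateRoleFlawed(session, db, cmd) {
  const rolesOk = cmd.roles.every(() => can(session, "grantRole", db));
  const privsOk = cmd.privileges.every((p) =>
    p.actions.every(() => can(session, "grantRole", db)));
  return rolesOk && privsOk;
}

// Hardened form: require the createRole action itself, then the per-item checks.
function checkCreateRoleHardened(session, db, cmd) {
  return can(session, "createRole", db) && checkCreateRoleFlawed(session, db, cmd);
}

// Shape the result like the shell output in the report (code 13 = not authorized).
function runCreateRole(check, session, db, cmd) {
  return check(session, db, cmd)
    ? { ok: 1 }
    : { ok: 0, code: 13, errmsg: `not authorized on ${db} to execute command` };
}

// Constructed inputs mirroring the four commands in the report.
const anonymous = { actions: new Set() };
const admin = { actions: new Set(["createRole@test", "grantRole@test"]) };
const priv = { resource: { db: "test", collection: "" }, actions: ["find"] };
const commands = [
  { createRole: "sam", privileges: [], roles: [] },
  { createRole: "dave", privileges: [], roles: ["sam"] },
  { createRole: "amalia", privileges: [], roles: ["read"] },
  { createRole: "jeremy", privileges: [priv], roles: [] },
];

// One ok value per command, in the order listed above.
const outcomes = (check, session) =>
  commands.map((cmd) => runCreateRole(check, session, "test", cmd).ok);

console.log("flawed, anonymous:  ", outcomes(checkCreateRoleFlawed, anonymous));
console.log("hardened, anonymous:", outcomes(checkCreateRoleHardened, anonymous));
console.log("hardened, admin:    ", outcomes(checkCreateRoleHardened, admin));
```

The flawed gate reproduces the reported pattern for a session that is not logged in: only the empty role is created, and the three non-empty commands fail with code 13.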