Join Kirby Kohlmorgen for an in-depth discussion in this video Authorization model, part of MongoDB: Security.
- [Voiceover] In this video we're going to talk about the authorization model that is used with MongoDB. MongoDB actually follows a very straightforward and common authorization model. And that model is role based access control. Role Based Access Control as the name implies is a model where for any given User we're going to go ahead and assign a Role to that User. And that Role is going to be assigned over a given namespace.
In the context of MongoDB a namespace is just a database. For example, here we have a user named kirby and kirby has the readWrite Role, which has been granted to him for the products database. And this makes a lot of sense given the command that we've been using to create users. As you can see here, this is really just a one to one relationship. We have a user named kirby, a role called the readWrite role, and the readWrite role is for the products database.
Now that we have a general idea of what role based access control is, let's go ahead and break down what a role is. The formal definition of a role, with regards to role based access control, is the following: Roles are groups of privileges, actions over resources, that are granted to users over a given namespace, commonly referred to as a database. So we know what users are, and we obviously know what databases are, but what are privileges, actions, and resources? Let's go ahead and take a closer look at these three things and how they relate together to define roles.
Let's first talk about Actions. All operations and commands that a User can perform in MongoDB are called Actions. And Actions are performed on Resources. Resources are any objects that hold state in our database. For example, a collection, a database, or a database cluster. And when a user performs an Action on a given Resource that constitutes a Privilege. And if we then go ahead and group a bunch of these Privileges together, we can go ahead and rename that group of Privileges just a Role.
This sentence should make a lot more sense now. I'm going to go ahead and say it again. Roles are groups of privileges, actions over resources, that are granted to users over a given database. We've now looked at all of the different parts that make up this definition of a role. So you should have a much better understanding of what roles are in the context of MongoDB.
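The definition above (a role is a group of privileges, each an action over a resource, granted to a user over a database) can be modelled as a small default-deny check. This is an added example, not part of the video or MongoDB's own code. The role and user documents follow the shapes accepted by `db.createRole()` and `db.createUser()`, while the `inventoryReader` role, the `auditor` user, the collection names and the helper functions are assumptions made for illustration.

```javascript
// Simplified model of MongoDB role-based access control (illustration only).
// Roles are keyed here as "<db>.<role>", a convention of this example.
const roles = {
  // Constructed: a subset of the actions held by the built-in readWrite role.
  "products.readWrite": {
    privileges: [
      { resource: { db: "products", collection: "" },
        actions: ["find", "insert", "update", "remove"] },
    ],
  },
  // Hypothetical custom role: read-only access to a single collection.
  "products.inventoryReader": {
    privileges: [
      { resource: { db: "products", collection: "inventory" }, actions: ["find"] },
    ],
  },
};

// Constructed users: each role is granted over a database (the namespace).
const users = {
  kirby: { roles: [{ role: "readWrite", db: "products" }] },
  auditor: { roles: [{ role: "inventoryReader", db: "products" }] },
};

// An empty string in a resource document matches any value for that field.
// (The real server also excludes system collections; not modelled here.)
function resourceMatches(pattern, target) {
  const dbOk = pattern.db === "" || pattern.db === target.db;
  const collOk = pattern.collection === "" || pattern.collection === target.collection;
  return dbOk && collOk;
}

// Allowed only if some granted role holds a privilege (action over resource)
// covering the request; unknown users, roles and actions are denied.
function isAuthorized(userName, action, target) {
  const user = users[userName];
  if (!user) return false;
  return user.roles.some(({ role, db }) => {
    const def = roles[`${db}.${role}`];
    return !!def && def.privileges.some(
      (p) => resourceMatches(p.resource, target) && p.actions.includes(action));
  });
}
```

Calling `isAuthorized("kirby", "insert", { db: "products", collection: "inventory" })` returns `true`, while the same request against any other database returns `false` because no granted privilege covers that resource.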
This course was created by MongoDB University. We are pleased to host this training in our library.
- Authentication vs. authorization
- Authentication methods
- Authorization and encryption
- Role-based access control
- Creating a sys admin
- Granting new privileges to a role
- Describing auditing capabilities
- Enabling the first audit filter
- Security checklists and reports