This article lists the minimum MongoDB privileges a provider user needs for account discovery and password rotation in Devolutions Server.

| Permission | Scope | Why |
|---|---|---|
| listDatabases | cluster | Lists all databases on the cluster. The account discovery feature needs this to list every database the account can access. |
| viewUser | | Account discovery feature |
| changePassword | | Password rotation feature |

Below is an example of a provider role for a user with privileges limited to two specific databases:
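```
// Run this against the admin database: only a role defined there can hold
// a cluster-scoped privilege or privileges on more than one database.
db.createRole({
  role: "provider",
  privileges: [
    // Cluster scope: list the databases for account discovery.
    { resource: { cluster: true }, actions: ["listDatabases"] },
    // Database scope: view users (discovery) and change passwords (rotation).
    { resource: { db: "Database1", collection: "" }, actions: ["viewUser", "changePassword"] },
    { resource: { db: "Database2", collection: "" }, actions: ["viewUser", "changePassword"] }
  ],
  // No inherited roles, so the privileges above are the complete grant.
  roles: []
})
```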
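
As an added example (not part of the Devolutions documentation), the JavaScript below builds the role document shown above for any list of databases and audits an existing role document for anything beyond that minimum. It assumes the role document has the `privileges` and `roles` fields returned by `db.getRole("provider", { showPrivileges: true })`; the function names are hypothetical.

```javascript
// Added example; function names are hypothetical, not a Devolutions or MongoDB API.
const DB_ACTIONS = ["viewUser", "changePassword"];

// Build the db.createRole() document for a list of database names.
function buildProviderRole(databases, roleName = "provider") {
  return {
    role: roleName,
    privileges: [
      { resource: { cluster: true }, actions: ["listDatabases"] },
      ...databases.map((db) => ({ resource: { db, collection: "" }, actions: [...DB_ACTIONS] })),
    ],
    roles: [],
  };
}

// Compare a role document against the minimum set and return a list of
// findings: inherited roles, extra actions, unexpected scopes, missing grants.
function auditProviderRole(role, expectedDatabases) {
  const findings = [];
  const granted = new Map(); // database name -> Set of actions granted on it
  let listsDatabases = false;
  for (const r of role.roles || []) findings.push(`inherits role ${r.role}@${r.db}`);
  for (const { resource = {}, actions = [] } of role.privileges || []) {
    if (resource.cluster === true) {
      listsDatabases = listsDatabases || actions.includes("listDatabases");
      for (const a of actions) if (a !== "listDatabases") findings.push(`extra cluster action ${a}`);
      continue;
    }
    const db = resource.db;
    // db: "" means the privilege applies to every database on the deployment.
    if (db === "") findings.push("privilege spans all databases");
    else if (!expectedDatabases.includes(db)) findings.push(`unexpected resource ${JSON.stringify(resource)}`);
    if (!granted.has(db)) granted.set(db, new Set());
    for (const a of actions) {
      granted.get(db).add(a);
      if (!DB_ACTIONS.includes(a)) findings.push(`extra action ${a} on ${JSON.stringify(resource)}`);
    }
  }
  if (!listsDatabases) findings.push("missing listDatabases on cluster");
  for (const db of expectedDatabases)
    for (const a of DB_ACTIONS)
      if (!(granted.get(db) || new Set()).has(a)) findings.push(`missing ${a} on ${db}`);
  return findings;
}
```

An empty result from `auditProviderRole` means the role grants exactly the privileges listed in the table for the expected databases and nothing else.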