CONMISANMA的正确答案——MONGODB的权限问题

原文：---------------------------------------------

Database Administration Roles

Every database includes the following database administration roles:

Role	Short Description
`dbAdmin`	Provides the ability to perform administrative tasks such as schema-related tasks, indexing, and gathering statistics. This role does not grant privileges for user and role management. For the specific privileges granted by the role, see `dbAdmin`.
`dbOwner`	The database owner can perform any administrative action on the database. This role combines the privileges granted by the `readWrite`, `dbAdmin` and `userAdmin` roles.
`userAdmin`	Provides the ability to create and modify roles and users on the current database. Since the `userAdmin` role allows users to grant any privilege to any user, including themselves, the role also indirectly provides superuser access to either the database or, if scoped to the `admin` database, the cluster. For the specific privileges granted by the role, see `userAdmin`.

Role

Short Description

dbAdmin

Provides the ability to perform administrative tasks such as schema-related tasks, indexing, and gathering statistics. This role does not grant privileges for user and role management.

For the specific privileges granted by the role, see dbAdmin.

dbOwner The database owner can perform any administrative action on the database. This role combines the privileges granted by the readWrite, dbAdmin and userAdmin roles.

userAdmin

Provides the ability to create and modify roles and users on the current database. Since the userAdmin role allows users to grant any privilege to any user, including themselves, the role also indirectly provides superuser access to either the database or, if scoped to the admin database, the cluster.

For the specific privileges granted by the role, see userAdmin.

度娘机翻：-------------------------------------------

数据库管理角色

每个数据库包括数据库管理角色：

的作用简短的描述

的作用	简短的描述
`dbadmin`	提供执行管理任务如模式相关的任务，索引的能力，和收集统计。这个角色不授予权限的用户和角色管理。对于具体的角色授予的特权，看`dbadmin`。
`dbowner`	数据库所有者可以在数据库上执行的任何行政行为。这个角色权限的结合`读写`，`dbadmin`和`useradmin`角色。
`useradmin`	提供创建和修改的当前数据库角色和用户的能力。自`useradmin` 用户角色允许任何用户授予任何特权，包括他们自己，作用也间接超级用户访问任何数据库或，如果限于`admin`数据库集群，the。对于具体的角色授予的特权，看`useradmin`。

dbadmin

提供执行管理任务如模式相关的任务，索引的能力，和收集统计。这个角色不授予权限的用户和角色管理。

对于具体的角色授予的特权，看dbadmin。

dbowner 数据库所有者可以在数据库上执行的任何行政行为。这个角色权限的结合读写，dbadmin和useradmin角色。

useradmin

提供创建和修改的当前数据库角色和用户的能力。自useradmin 用户角色允许任何用户授予任何特权，包括他们自己，作用也间接超级用户访问任何数据库或，如果限于admin数据库集群，the。

对于具体的角色授予的特权，看useradmin。

这里说明了userAdmin是没readWrite权限的，需要加上readWrite权限才能在auth下 show collections

权限创建：

use admin

db.createUser(
    {

        user:'admin',
        pwd:'admin123',
        roles:
        [
            {role:'userAdmin',db:'admin'},
            {role:'readWrite',db:'admin'},
        ]

    }
)