Docs Menu

Docs HomeMongoDB Connector for BI

User Authorization Model

New in version 2.5.

The MongoDB Connector for BI restricts which database administration, data definition, and data manipulation statements authenticated users can run. The following table maps a SQL statement and corresponding MySQL privilege to the required MongoDB privilege action:

MySQL Statement
MySQL Privilege
MongoDB Privilege
FLUSH LOGS
FLUSH SAMPLE
Not in MySQL

Depends on your sampling configuration:

Standalone Reader:

  • find for all sampled namespaces

  • insert and update for all databases in the cluster

Clustered Reader:

The statement is not permitted in this mode.

Clustered Writer:

  • PROCESS privilege to view all threads

  • SUPER privilege to kill all threads and statements

  • No privilege required to view and kill your own threads and statements

  • killop to kill other user's connections or queries

  • No privilege required to kill your own connection or query

ALTER, CREATE, and INSERT privileges for the table.

Renaming a table requires ALTER and DROP on the old table, as well as ALTER, CREATE, and INSERT on the new table.

Depends on your sampling configuration:

Standalone Reader:

insert and update for all databases in the cluster.

Clustered Reader:

Not permitted in this mode.

Clustered Writer:

insert and update on the schema database specified by --sampleSource.

SUPER privilege is required to set global variables.

Setting a session variable generally does not require any privilege, although there are exceptions that require the SUPER privilege (such as sql_log_bin).

Either the BI Connector's admin user, as specified by the --mongo-username option or the mongodb.net.auth.username setting, or any MongoDB user with the inprog privilege can set global variables.

No privilege required to set session variables.

No privilege required.
No privilege required.
No privilege required.
No privilege required.
Displays column information for each column where the user has some privilege. Column information is not displayed for columns where the user does not have some privilege.
find on the proper collections.
No privilege required.
find on the proper database.
Some privilege for the table.
find on the proper database or collection.
SHOW DATABASES privilege.
find on the proper database or collection.
This statement requires some privilege for any column in the table.
find on the proper collection.

PROCESS privilege to view all processes.

No privilege required to view your own processes.

inprog to view all processes.

No privilege required to view your own processes.

No privilege required.
No privilege required.

Lists non-temporary tables in a given database where the user has some privilege.

If you do not have any privilege for a base table or view, it does not show up in the output from SHOW TABLES .

listCollections on a database displays all tables from that database.

find on a collection only shows the tables from that collection.

No privilege required.
No privilege required.
←  Type Conversion ModesSystem Variables →
Share Feedback
© 2023 MongoDB, Inc.

About

  • Careers
  • Investor Relations
  • Legal Notices
  • Privacy Notices
  • Security Information
  • Trust Center
© 2023 MongoDB, Inc.