Collection-Level Access Control集合级访问控制¶

~~On this page~~本页内容

~~Privileges and Scope~~权限和范围
~~Additional Information~~附加信息

~~Collection-level access control allows administrators to grant users privileges that are scoped to specific collections.~~集合级访问控制允许管理员向用户授予特定集合的权限。

~~Administrators can implement collection-level access control through user-defined roles.~~管理员可以通过用户定义的角色实现集合级访问控制。~~By creating a role with privileges that are scoped to a specific collection in a particular database, administrators can provision users with roles that grant privileges on a collection level.~~通过创建具有特定数据库中特定集合的权限的角色，管理员可以为用户提供在集合级别授予权限的角色。

Privileges and Scope权限和范围¶

~~A privilege consists of actions and the resources upon which the actions are permissible; i.e. the resources define the scope of the actions for that privilege.~~权限由操作和允许操作的资源组成，即资源定义了该权限的操作范围。

~~By specifying both the database and the collection in the resource document for a privilege, administrator can limit the privilege actions just to a specific collection in a specific database.~~通过在资源文档中为权限指定数据库和集合，管理员可以将权限操作仅限于特定数据库中的特定集合。~~Each privilege action in a role can be scoped to a different collection.~~角色中的每个权限操作都可以限定到不同的集合。

~~For example, a user defined role can contain the following privileges:~~例如，用户定义的角色可以包含以下权限：

privileges: [
  { resource: { db: "products", collection: "inventory" }, actions: [ "find", "update", "insert" ] },
  { resource: { db: "products", collection: "orders" },  actions: [ "find" ] }
]

~~The first privilege scopes its actions to the inventory collection of the products database.~~第一个权限将其操作范围限定为products数据库的inventory集合。~~The second privilege scopes its actions to the orders collection of the products database.~~第二个权限将其操作范围限定为products数据库的orders集合。

Additional Information附加信息¶

~~For more information on user-defined roles and MongoDB authorization model, see Role-Based Access Control.~~有关用户定义角色和MongoDB授权模型的更多信息，请参阅基于角色的访问控制。~~For a tutorial on creating user-defined roles, see Manage Users and Roles.~~有关创建用户定义角色的教程，请参见管理用户和角色。