User Authorization Model

New in version 2.5.

The MongoDB Connector for BI restricts which database administration, data definition, and data manipulation statements authenticated users can run. The following table maps a SQL statement and corresponding MySQL privilege to the required MongoDB privilege action:

MySQL Statement	MySQL Privilege	MongoDB Privilege
FLUSH LOGS	RELOAD	Only available to the BI Connector's admin user specified by the `--mongo-username` option or the `mongodb.net.auth.username` setting.
`FLUSH SAMPLE`	Not in MySQL	Depends on your sampling configuration: Standalone Reader: `find` for all sampled namespaces `insert` and `update` for all databases in the cluster Clustered Reader: The statement is not permitted in this mode. Clustered Writer: `find` for all sampled namespaces `insert` and `update` on the schema database specified by `--schemaSource`
KILL	PROCESS privilege to view all threads SUPER privilege to kill all threads and statements No privilege required to view and kill your own threads and statements	`killop` to kill other user's connections or queries No privilege required to kill your own connection or query
ALTER TABLE	ALTER, CREATE, and INSERT privileges for the table. Renaming a table requires ALTER and DROP on the old table, as well as ALTER, CREATE, and INSERT on the new table.	Depends on your sampling configuration: Standalone Reader: `insert` and `update` for all databases in the cluster. Clustered Reader: Not permitted in this mode. Clustered Writer: `insert` and `update` on the schema database specified by `--schemaSource`.
SET (Variables)	SUPER privilege is required to set global variables. Setting a session variable generally does not require any privilege, although there are exceptions that require the SUPER privilege (such as sql_log_bin).	Either the BI Connector's admin user, as specified by the `--mongo-username` option or the `mongodb.net.auth.username` setting, or any MongoDB user with the inprog privilege can set global variables. No privilege required to set session variables.
SHOW CHARACTER SET	No privilege required.	No privilege required.
SHOW COLLATION	No privilege required.	No privilege required.
SHOW COLUMNS	Displays column information for each column where the user has some privilege. Column information is not displayed for columns where the user does not have some privilege.	`find` on the proper collections.
SHOW CREATE DATABASE	No privilege required.	`find` on the proper database.
SHOW CREATE TABLE	Some privilege for the table.	`find` on the proper database or collection.
SHOW {DATABASES \| SCHEMAS}	SHOW DATABASES privilege.	`find` on the proper database or collection.
SHOW {INDEX \| INDEXES \| KEYS}	This statement requires some privilege for any column in the table.	`find` on the proper collection.
SHOW PROCESSLIST	PROCESS privilege to view all processes. No privilege required to view your own processes.	`inprog` to view all processes. No privilege required to view your own processes.
SHOW STATUS	No privilege required.	No privilege required.
SHOW TABLES	Lists non-temporary tables in a given database where the user has some privilege. If you do not have any privilege for a base table or view, it does not show up in the output from SHOW TABLES .	`listCollections` on a database displays all tables from that database. `find` on a collection only shows the tables from that collection.
SHOW VARIABLES	No privilege required.	No privilege required.

Back

Type Conversion Modes

System Variables

User Authorization Model.leafygreen-ui-m0pgrr{-webkit-align-self:center;-ms-flex-item-align:center;align-self:center;padding:0 10px;visibility:hidden;}.leafygreen-ui-a30zj9{color:#889397;vertical-align:middle;margin-top:-2px;}.css-1l4s55v{margin-top:-175px;position:absolute;padding-bottom:2px;}

User Authorization Model