1
00:00:02,340 --> 00:00:08,790
Now just to come back to what I ended with in the previous lecture. We use roles because we typically

2
00:00:08,790 --> 00:00:11,820
of course have more than one type of database user.

3
00:00:12,000 --> 00:00:18,510
If we are building an online shop application, even then we have more than one database user,

4
00:00:18,510 --> 00:00:20,800
we will probably have some administrator,

5
00:00:20,820 --> 00:00:28,230
so a real person who actually needs to be able to manage the database configuration, create other users

6
00:00:28,230 --> 00:00:31,640
maybe, create new databases, create new collections,

7
00:00:31,710 --> 00:00:32,620
stuff like that

8
00:00:32,640 --> 00:00:37,320
and you could even split that up into different roles but we might have such a super administrator who

9
00:00:37,320 --> 00:00:38,940
does all that heavy lifting

10
00:00:39,240 --> 00:00:45,540
but this administrator will not be required to actually work with the data in the database. The administrator

11
00:00:45,540 --> 00:00:48,470
will not be required to insert or fetch data,

12
00:00:48,750 --> 00:00:52,850
so this would be one role we typically have. Then we would have the developer,

13
00:00:52,950 --> 00:00:58,780
so the app and I'm putting this into one role because you are the developer, you are a real person

14
00:00:58,920 --> 00:01:02,070
but of course you are writing some code where the code is in the end

15
00:01:02,130 --> 00:01:04,310
what it will insert or fetch data,

16
00:01:04,350 --> 00:01:10,470
so in the end, the app is the user you could say. And the app and therefore you as a developer, you need

17
00:01:10,470 --> 00:01:13,140
to be able to insert, update, delete or fetch data,

18
00:01:13,170 --> 00:01:18,760
so all these crud operations, which is why we heavily focus on these in this course this is a developer's

19
00:01:18,760 --> 00:01:24,420
course but you will not need to create users or manage the database configuration,

20
00:01:24,420 --> 00:01:25,690
this is not your job

21
00:01:25,800 --> 00:01:31,590
and the app code shouldn't be able to do that because if someone is able to access this code somehow,

22
00:01:31,890 --> 00:01:37,390
suddenly this person can start changing your code and do bad things to your database.

23
00:01:37,650 --> 00:01:42,630
So again, we'll focus on that developer part in this course but for the big picture, it's important that

24
00:01:42,630 --> 00:01:48,420
you understand how authentication and roles and security in general work in mongodb.

25
00:01:48,420 --> 00:01:52,670
Now last but not least to complete that picture, in that same app we're building,

26
00:01:52,680 --> 00:01:53,580
let's say a shop,

27
00:01:53,610 --> 00:01:57,570
we might also have a data scientist who analyzes our sales.

28
00:01:57,600 --> 00:02:04,020
Now this real person needs to be able to fetch data but certainly not to do any database configuration

29
00:02:04,230 --> 00:02:07,470
or start editing, inserting or deleting data.

30
00:02:07,830 --> 00:02:11,240
So this is why we have this role based concept in mongodb.