Question

I want to create a custom role which can just read one collection and readWrite all other collections. It should not have delete permission on any collection.

  • Why won't this code work?

  • Should I add something like * in collection: ""?

    db.createRole(
      {
        role: "role1",
        privileges: [
          // collection: "" addresses every collection in db1
          { resource: { db: "db1", collection: "" }, actions: [ "find", "insert", "update" ] },
          // col1 only
          { resource: { db: "db1", collection: "col1" }, actions: [ "find" ] }
        ],
        roles: []
      },
      { wtimeout: 5000 }
    )

Solution

The only solution is to move that col1 to a different DB, but then your application must, of course, read two different databases.
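
MongoDB privileges are additive and there is no deny rule, so the db-wide entry in role1 already grants insert and update on col1. The added example below (not part of the original answer, and a simplified model rather than MongoDB's own code) evaluates the question's role next to the split-database layout; the database name `db2` and the helper names are assumptions.

```javascript
// Simplified model of MongoDB privilege evaluation (illustration only).
// An action is allowed if ANY privilege entry matches the resource and lists it.

// An empty string in db or collection acts as a wildcard.
// System collections are ignored in this model.
function matches(resource, db, collection) {
  return (resource.db === "" || resource.db === db) &&
         (resource.collection === "" || resource.collection === collection);
}

function isAllowed(role, db, collection, action) {
  return role.privileges.some(
    (p) => matches(p.resource, db, collection) && p.actions.includes(action)
  );
}

// Union of all actions the role grants on one collection, sorted.
function effectiveActions(role, db, collection) {
  const granted = new Set();
  for (const p of role.privileges) {
    if (matches(p.resource, db, collection)) p.actions.forEach((a) => granted.add(a));
  }
  return [...granted].sort();
}

// Role from the question: the db-wide entry also covers col1.
const role1 = {
  role: "role1",
  privileges: [
    { resource: { db: "db1", collection: "" }, actions: ["find", "insert", "update"] },
    { resource: { db: "db1", collection: "col1" }, actions: ["find"] },
  ],
  roles: [],
};

// Layout from the answer: col1 moved to its own database ("db2" is hypothetical).
const role1Split = {
  role: "role1",
  privileges: [
    { resource: { db: "db1", collection: "" }, actions: ["find", "insert", "update"] },
    { resource: { db: "db2", collection: "col1" }, actions: ["find"] },
  ],
  roles: [],
};

console.log("question role, db1.col1:", effectiveActions(role1, "db1", "col1"));
console.log("split role,    db2.col1:", effectiveActions(role1Split, "db2", "col1"));
console.log("split role,    db1.other:", effectiveActions(role1Split, "db1", "other"));
```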

Licensed under: CC-BY-SA with attribution
Not affiliated with dba.stackexchange