MongoDB custom role with different privileges on different collections
08-10-2020
Question
I want to create a custom role which can just read one collection and readWrite all other collections. It shouldn't have any delete permission on any collection.
Why won't this code work?
Should I add something like * in collection: ""?
db.createRole(
  {
    role: "role1",
    privileges: [
      { resource: { db: "db1", collection: "" }, actions: [ "find", "insert", "update" ] },
      { resource: { db: "db1", collection: "col1" }, actions: [ "find" ] }
    ],
    roles: []
  },
  { wtimeout: 5000 }
)
Solution
The only solution is to move that col1 to a different DB, but then your application must, of course, read two different databases.
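
Why the role in the question still allows writes to col1, as an added example that is not part of the original question or answer: MongoDB privileges are additive, so the collection: "" entry also applies to col1 and the narrower entry cannot take anything away. The helper names, the role name role1_explicit and the collection list col1 to col3 are assumptions; the second role shows an explicit per-collection listing, which has to be regenerated whenever a collection is created.

```javascript
// Added illustration: models MongoDB's additive privilege matching offline (no server).
// matches, effectiveActions and perCollectionPrivileges are hypothetical helper names.

// The role from the question, as passed to db.createRole().
const role1 = {
  role: "role1",
  privileges: [
    { resource: { db: "db1", collection: "" }, actions: ["find", "insert", "update"] },
    { resource: { db: "db1", collection: "col1" }, actions: ["find"] }
  ],
  roles: []
};

// Covers only the resource forms used on this page: a named db with either a
// named collection or "" (all non-system collections of that db).
function matches(resource, db, coll) {
  const collOk = resource.collection === coll ||
    (resource.collection === "" && !coll.startsWith("system."));
  return resource.db === db && collOk;
}

// Union of the actions of every matching privilege: nothing is ever subtracted.
function effectiveActions(role, db, coll) {
  const granted = new Set();
  for (const p of role.privileges) {
    if (matches(p.resource, db, coll)) p.actions.forEach(a => granted.add(a));
  }
  return [...granted].sort();
}

// Explicit listing: one privilege per collection, read-only for the named ones.
function perCollectionPrivileges(db, collNames, readOnly) {
  return collNames.map(c => ({
    resource: { db, collection: c },
    actions: readOnly.includes(c) ? ["find"] : ["find", "insert", "update"]
  }));
}

const explicitRole = {
  role: "role1_explicit", // hypothetical name
  privileges: perCollectionPrivileges("db1", ["col1", "col2", "col3"], ["col1"]), // constructed list
  roles: []
};

console.log(effectiveActions(role1, "db1", "col1"));        // [ 'find', 'insert', 'update' ]
console.log(effectiveActions(explicitRole, "db1", "col1")); // [ 'find' ]
```

With the explicit listing, a collection that is not in the list gets no access at all until the role is updated.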
Licensed under: CC-BY-SA with attribution
Not affiliated with dba.stackexchange