I want to create collection. that allow only insert
and find
operation. i read Privilege Actions in mongodb and i applied that method but all actions are performed like remove
and update
i tried following
db.createRole({
role: "master",
privileges: [
{ resource: { db : "db_name",collection:"lock" }, actions: ["find","insert"] },
],
roles : []
})
db.grantPrivilegesToRole("master",[{resource : {db : "db_name",collection:"lock"},actions : ["find","insert"]}],{w : "majority"})
how to allow only insert
and find
?
Best Answer
I created role with your
db.createRole(...
, I didn't "need" to use your grantPrivilegesToRole command. Then I created userdb.createUser({"user":"test2",pwd:"password",roles:["master"]})
and changes to it with
db.auth("test2","password")
If I change to database
test
, commanddb.lock.insert({})
fails, as it should be, but if I change database todb_name
, insert commands works fine and find command worksThen If I try to remove that document
Nor update command works
"Stupid" question: Have you remember to enable "authentication" (--auth -parameter) at your mongod? Because if no authentication, no authorization...