Mongodb – Allow only find and insert action to mongodb collection

mongodbmongodb-3.6

I want to create collection. that allow only insert and find operation. i read Privilege Actions in mongodb and i applied that method but all actions are performed like remove and update

i tried following 

db.createRole({
  role: "master",
  privileges: [
    { resource: { db : "db_name",collection:"lock" }, actions: ["find","insert"] },
  ],
  roles : []
})

 db.grantPrivilegesToRole("master",[{resource : {db : "db_name",collection:"lock"},actions : ["find","insert"]}],{w : "majority"})

how to allow only insert and find ?

Best Answer

I created role with your db.createRole(..., I didn't "need" to use your grantPrivilegesToRole command. Then I created user

db.createUser({"user":"test2",pwd:"password",roles:["master"]})

and changes to it with

db.auth("test2","password")

If I change to database test, command db.lock.insert({}) fails, as it should be, but if I change database to db_name, insert commands works fine and find command works

> db.lock.find({})
{ "_id" : ObjectId("5ae9a57a119b0cf4316e2964") }

Then If I try to remove that document

> db.lock.remove({})
WriteResult({
    "writeError" : {
        "code" : 13,
        "errmsg" : "not authorized on db_name to execute command { delete: \"lock\", deletes: [ { q: {}, limit: 0.0 } ], ordered: true }"
    }
})

Nor update command works

> db.lock.update({"_id" : ObjectId("5ae9a57a119b0cf4316e2964")},{$set:{"something":"somewhere"}})
WriteResult({
    "writeError" : {
        "code" : 13,
        "errmsg" : "not authorized on db_name to execute command { update: \"lock\", updates: [ { q: { _id: ObjectId('5ae9a57a119b0cf4316e2964') }, u: { $set: { something: \"somewhere\" } }, multi: false, upsert: false } ], ordered: true }"
    }
})

"Stupid" question: Have you remember to enable "authentication" (--auth -parameter) at your mongod? Because if no authentication, no authorization...

Related Question