MongoDB: Grant roles to multiple databases based on a pattern

mongodb

Is it possible to grant database access to a user based on a prefix?

For example in MYSQL you can do the following:
GRANT ALL PRIVILEGES ON `username\_%` . * TO 'username'@'localhost';

In my use-case I would like to grant the readWrite role a specific user on a database of the same name — but also grant the ability to create a database matching this pattern, and give read/write access to it.

So for example, myuser would have the readWrite role on myuser database, but also have the ability to create myuser-otherdatabase.

Is this possible without giving server-wide roles (readWriteAnyDatabase) to this user for this purpose?

The application using this user account needs to be able to create prefixed databases to segment out data, and it should be able to do this on the fly, rather than having to have an administrator grant roles to the additional databases.

Any thoughts?

Best Answer

Resource document for the latest mongo has db and test attributes which can be only fixed strings.

I have tried with various wildchar: *, ., % also escaping but with no luck.

Best Answer

Related Solutions

Mongodb – Users and Roles in MongoDB

Mongodb – Possible to create databases in MongoDB but not have access to databases created by others

Related Question