I want my user to have only find action privilege on a specific collection. However, when I create the user with the privilege, restart the mongod server and run the mongo shell again with -u -p and --authenticationDatabase parameters and run insert command on the collection, it successfully inserts the document in collection. Similarly, update command also works seamlessly for this user and the corresponding collection.
Here's the code for creating the user-
use testauth
db.createUser({user: "user", pwd: "password", roles: [{role: "readWrite", db: "testauth", privileges: [{resource: {db: "testauth", collection: "readonlycol"}, actions: ["find"]}]}]})
Followed by this, I restart the mongod server with --auth and run the mongo shell with authentication parameters.
When I go ahead and try to insert a document in the collection, it works –
> use testauth
> db.readonlycol.insert({"key": "value"})
WriteResult({ "nInserted" : 1 })
update also seems to work. The only command which doesn't work is remove. What am I doing wrong?
Best Answer
According to https://docs.mongodb.com/manual/reference/built-in-roles/ the "readwrite" is to blame ...
Although the list also contains the remove right.
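As an added example (not part of the original question or answer): a small check that flags the two problems in the question's createUser document, plus the documents for a custom role limited to find on testauth.readonlycol and a user holding only that role. The names lintCreateUser, buildFindOnly, the findOnly_ role prefix and the "reader" account are hypothetical.

```javascript
// Added example; lintCreateUser, buildFindOnly and the "reader" account are hypothetical.
// Built-in roles that include readWrite's actions, per the built-in roles reference.
const BUILTIN_WRITERS = new Set(["readWrite", "readWriteAnyDatabase", "dbOwner", "root"]);

// Check a createUser document before sending it: a role reference is a role
// name or {role, db}; privileges are defined on a role, not on the reference.
function lintCreateUser(userDoc) {
  const findings = [];
  for (const ref of userDoc.roles || []) {
    const name = typeof ref === "string" ? ref : ref.role;
    const extra = typeof ref === "string" ? [] :
      Object.keys(ref).filter((k) => k !== "role" && k !== "db");
    for (const key of extra) {
      findings.push(`${name}: "${key}" does not belong in a role reference`);
    }
    if (BUILTIN_WRITERS.has(name)) {
      findings.push(`${name}: built-in role includes insert, update and remove`);
    }
  }
  return findings;
}

// Build a custom role limited to find on one collection, and a user holding only it.
function buildFindOnly(dbName, collection, user, pwd) {
  const role = {
    role: `findOnly_${collection}`,
    privileges: [{ resource: { db: dbName, collection }, actions: ["find"] }],
    roles: [],
  };
  return { role, user: { user, pwd, roles: [{ role: role.role, db: dbName }] } };
}

// The createUser document from the question.
const questionUser = { user: "user", pwd: "password", roles: [{ role: "readWrite",
  db: "testauth", privileges: [{ resource: { db: "testauth",
  collection: "readonlycol" }, actions: ["find"] }] }] };
const fixed = buildFindOnly("testauth", "readonlycol", "reader", "password");

// Inside the mongo shell (where `db` exists), create the role and the user.
if (typeof db !== "undefined") {
  const authDb = db.getSiblingDB("testauth");
  authDb.createRole(fixed.role);
  authDb.createUser(fixed.user);
}
```

Run as a shell script by a user allowed to create roles and users on testauth; outside the shell it only builds and checks the documents.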