Homework 2.3 : Create custom role


I’m trying to complete lab 2.3, and my first result is marked as wrong. I suspect that I misunderstood the requirements for EMPLOYEEPORTAL, where it says: “Can read from HR.employees collection”

There does not seem to be a “read” privilege action, but there is of course the built-in “read” role. The lab says not to inherit roles unless explicitly stated, so I just took the privileges of the read role and added them all manually.

Is it supposed to work that way (and I have to look for my error in other places), or does “Can read from HR.employees collection” mean something else?

Hi Matthias_17852,

The other roles you’ve submitted look correct.

For the EMPLOYEEPORTAL role you can interpret the requirement to read as a single action - to query/find documents on the employees collection

Hope this helps,


Hi David,

Thank you very much, that helped!

I post my question in here for sake of resource saving

HRDEPARTMENT : Can remove users from the HR database

what does this mean? no mentioned about there is collection called “users”, if it was talking about the user defined in admin DB for specified HR DB, then how to define a role that only can let this role user to remove a user whom is specified to HR DB?

Thanks for any input

anyway, I finally got the idea, and passed this homework.

Hi Denlai,

You can create users in any db. You don’t have to create users in admin although it’s recommended.