Providing access at collection level

Hi Team,

What is the command to create a user and provide access at the collection level?

I know that at the DB level we can provide it as below:

use reporting
db.createUser(
  {
    user: "reportsUser",
    pwd: "12345678",
    roles: [
      { role: "read", db: "reporting" },
      { role: "read", db: "products" },
      { role: "read", db: "sales" },
      { role: "readWrite", db: "accounts" }
    ]
  }
)

But what if we need to provide readwrite access only at a certain collection?

Regards,
Vishwanath

Hey @vishwanathk

You will be getting into User Defined Roles if you need that level of authorization validations. Specifically, the resource field below:

use admin
db.createRole(
   {
     role: "customRoleName",
     privileges: [
       { resource: { db: "test", collection: "one" }, actions: [ "find", "insert" ] }
     ],
     roles: []
   }
)

Therefore the following role will give a user access to the collection called one on the test database, with the ability to only do the find or insert actions.

See the doc for more info.
Create a User defined Role
Privilege Actions
Resource Document

2 Likes
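To connect the answer's custom role back to the original question (a user with read/write on one collection only), here is an added example that is not part of the thread and not MongoDB's own code. It builds the `createRole` and `createUser` command documents and checks what the role covers; the role name `invoicesReadWrite`, the collection `invoices`, the four-action read/write set and the helper names are assumptions.

```javascript
// Added example: builds the createRole / createUser command documents for
// collection-scoped access. Names marked "hypothetical" are not from the thread.
const RW_ACTIONS = ["find", "insert", "update", "remove"]; // assumed minimal read/write set

// Role (stored in the admin database, as in the answer above) limited to the
// listed collections of one database.
function collectionRoleCommand(roleName, dbName, collections, actions = RW_ACTIONS) {
  if (!dbName || collections.length === 0 || collections.some((c) => !c)) {
    // An empty string in a resource document is a wildcard, so refuse it here.
    throw new Error("db and every collection name must be non-empty");
  }
  return {
    createRole: roleName,
    privileges: collections.map((c) => ({
      resource: { db: dbName, collection: c },
      actions: [...actions],
    })),
    roles: [], // inherit nothing
  };
}

// User whose only role is the custom one; roleDb is where the role was created.
function userCommand(userName, password, roleName, roleDb = "admin") {
  return { createUser: userName, pwd: password, roles: [{ role: roleName, db: roleDb }] };
}

// Does the role document allow `action` on dbName.collName? Models only
// { db, collection } resources, where "" matches any database / collection.
function grants(roleCmd, dbName, collName, action) {
  return roleCmd.privileges.some(({ resource: r, actions }) =>
    (r.db === "" || r.db === dbName) &&
    (r.collection === "" || r.collection === collName) &&
    actions.includes(action));
}

// Constructed sample: read/write on accounts.invoices only (hypothetical names).
const roleCmd = collectionRoleCommand("invoicesReadWrite", "accounts", ["invoices"]);
const userCmd = userCommand("reportsUser", "<password>", roleCmd.createRole);
// In mongosh: const admin = db.getSiblingDB("admin");
//             admin.runCommand(roleCmd); admin.runCommand(userCmd);
```

When running this in mongosh, pass `passwordPrompt()` as the password argument instead of a literal string so the password does not end up in shell history.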

Hi @natac13,

Thanks a lot.

Regards,
Vishwanath