klequis / modern-fullstack-mern


Production mongo user should not be able to create and drop collections #62

Open klequis opened 5 years ago

klequis commented 5 years ago

I did this with the test user and then realized test needs to create & drop collections. Here is the code to create the more limited user:

use todo-test
db.createRole(
   {
     role: "testUser",
     privileges: [
       { resource: { db: "todo-test", collection: "" }, actions: [ 'find', 'insert', 'remove', 'update' ] }
     ],
     roles: []
   },
   { w: "majority" , wtimeout: 5000 }
)

use todo-test
db.createUser(
  {
    user: "testUser1",
    pwd: "karl",
    roles: [ { role: "testUser", db: "todo-test" } ]
  }
)

klequis commented 5 years ago

This is not typically what the MongoDB doc suggests and may not be necessary.
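A way to check that a role stays within the limit this issue asks for, as an added example that is not part of the original thread or the project's code: it scans a role document, in the shape returned by `db.getRole(name, { showPrivileges: true })`, for `createCollection` and `dropCollection` grants that reach a given database. The function names and both sample role documents are constructed for illustration; `appUserBroad` is a hypothetical role.

```javascript
// Actions the production user should not hold, per the issue title.
const FORBIDDEN = ["createCollection", "dropCollection"];

// True when a privilege's resource document reaches collections in dbName.
function coversDb(resource, dbName) {
  if (resource.anyResource === true) return true; // every resource
  if (resource.cluster === true) return false;    // cluster-level only
  return resource.db === "" || resource.db === dbName; // db "" = all databases
}

// Returns one string per forbidden action the role grants on dbName,
// counting both direct and inherited privileges, de-duplicated and sorted.
function forbiddenGrants(roleDoc, dbName, forbidden = FORBIDDEN) {
  const all = [
    ...(roleDoc.privileges || []),
    ...(roleDoc.inheritedPrivileges || []),
  ];
  const hits = new Set();
  for (const priv of all) {
    if (!coversDb(priv.resource, dbName)) continue;
    for (const action of priv.actions) {
      if (forbidden.includes(action)) {
        hits.add(`${action} @ ${JSON.stringify(priv.resource)}`);
      }
    }
  }
  return [...hits].sort();
}

// Constructed sample: the limited role from the first comment.
const limitedRole = {
  role: "testUser", db: "todo-test", roles: [],
  privileges: [{
    resource: { db: "todo-test", collection: "" },
    actions: ["find", "insert", "remove", "update"],
  }],
};

// Constructed sample: a hypothetical broader role that also allows DDL.
const broadRole = {
  role: "appUserBroad", db: "todo-test", roles: [],
  privileges: [{
    resource: { db: "todo-test", collection: "" },
    actions: ["find", "insert", "remove", "update",
              "createCollection", "dropCollection"],
  }],
};

console.log(forbiddenGrants(limitedRole, "todo-test")); // no findings
console.log(forbiddenGrants(broadRole, "todo-test"));   // two findings
```

In the mongo shell the same function can be fed live data with `forbiddenGrants(db.getRole("testUser", { showPrivileges: true }), "todo-test")`, run from the database where the role is defined.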