I want to be able to read, insert, update, find and delete on the to-dos collection; for the users collection, I just want to find, insert and update. My first solution was:
    db.createRole(
      {
        role: "all_permissions_except_user_delete",
        privileges: [
          { resource: { db: "todo-fsharp-api", collection: "todos" }, actions: [ "find", "update", "insert", "remove" ] },
          { resource: { db: "todo-fsharp-api", collection: "users" }, actions: [ "find", "update", "insert" ] }
        ],
        roles: []
      },
      { w: "majority" }
    )
This really works, but it is not scalable: if I add another collection, I cannot do anything with the new collection unless I modify the role.
In short, I want to be able to carry out all the actions on the to-dos collection and future collections. Specifically for the users collection I want to do everything but delete.
I was thinking of something like this but it doesn't work, it still lets me delete users.
    db.createRole(
      {
        role: "all_permissions_except_user_delete",
        privileges: [
          { resource: { db: "todo-fsharp-api", collection: "" }, actions: [ "find", "update", "insert", "remove" ] },
          { resource: { db: "todo-fsharp-api", collection: "users" }, actions: [ "find", "update", "insert" ] }
        ],
        roles: []
      },
      { w: "majority" }
    )
Is it possible to do what I want?
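
An added example, not part of the original post: MongoDB role privileges are additive and have no deny rule, so the narrower `users` entry cannot subtract `remove` from what the empty-string (all collections) entry already grants. The simplified model below shows this for the second role and contrasts it with explicit per-collection privileges; `effectiveActions`, `explicitPrivileges` and the `tags` collection are hypothetical names used only for illustration.

```javascript
// Simplified model of MongoDB privilege resolution (illustrative, not server code).
// A privilege applies when its resource matches the namespace; an empty string
// for db or collection acts as a wildcard. The collection wildcard does not
// cover system.* collections. Actions of all matching privileges are unioned.
function resourceMatches(resource, db, collection) {
  const dbOk = resource.db === "" || resource.db === db;
  const collOk = resource.collection === ""
    ? !collection.startsWith("system.")
    : resource.collection === collection;
  return dbOk && collOk;
}

function effectiveActions(privileges, db, collection) {
  const actions = new Set();
  for (const p of privileges) {
    if (resourceMatches(p.resource, db, collection)) {
      p.actions.forEach((a) => actions.add(a));
    }
  }
  return [...actions].sort();
}

// Least-privilege alternative: one explicit privilege per collection, with the
// actions listed in `denied` left out. Must be regenerated (and the role
// updated) whenever a collection is added.
function explicitPrivileges(db, collections, allActions, denied) {
  return collections.map((collection) => ({
    resource: { db, collection },
    actions: allActions.filter((a) => !(denied[collection] || []).includes(a)),
  }));
}

// Privileges of the second role from the question.
const wildcardRole = [
  { resource: { db: "todo-fsharp-api", collection: "" }, actions: ["find", "update", "insert", "remove"] },
  { resource: { db: "todo-fsharp-api", collection: "users" }, actions: ["find", "update", "insert"] },
];

const ALL = ["find", "update", "insert", "remove"];
// "tags" is a constructed name standing in for a future collection.
const explicitRole = explicitPrivileges(
  "todo-fsharp-api", ["todos", "users", "tags"], ALL, { users: ["remove"] });

console.log(effectiveActions(wildcardRole, "todo-fsharp-api", "users"));
console.log(effectiveActions(explicitRole, "todo-fsharp-api", "users"));
```

The array returned by `explicitPrivileges` has the shape expected by the `privileges` field of `db.createRole()` or `db.updateRole()`.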