I want to allow certain users to update and insert, but not to delete. I have created the following role:

    db.createRole({
        role: "readWriteNoDelete",
        privileges: [{
            resource: {
                db: "permitmanager",
                collection: ""
            },
            actions: ["insert", "update"]
        }],
        roles: [{
            role: "read",
            db: "permitmanager"
        }]
    })

I assigned it to my current user, confirmed by running this:

    > db.runCommand({connectionStatus : 1})
    {
        "authInfo" : {
            "authenticatedUsers" : [
                {
                    "user" : "defaultuser",
                    "db" : "admin"
                }
            ],
            "authenticatedUserRoles" : [
                {
                    "role" : "read",
                    "db" : "permitmanager"
                },
                {
                    "role" : "readWriteNoDelete",
                    "db" : "permitmanager"
                }
            ]
        },
        "ok" : 1
    }

However, I am still able to delete from a collection within permitmanager:

    > db
    permitmanager
    > db.leads.remove({"estDollarAmount": 0})
    WriteResult({ "nRemoved" : 1 })

What am I missing? I would think that if the 'remove' action wasn't present in their privileges, they would not be able to do this.

Turns out authentication wasn't enabled on the database (add --auth to the mongod startup command).
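
The point of the answer as an added example (not part of the original posts): a role's privileges only limit a user when mongod enforces authorization, so the same role permits `remove` without `--auth` and denies it with `--auth`. The inputs are constructed, and the helper names and the assumption that `getCmdLineOpts` reports `--auth` as `parsed.security.authorization` are this example's own.

```javascript
// Added example. Inputs are constructed, shaped like the output of
// db.adminCommand({getCmdLineOpts: 1}) and of
// db.runCommand({rolesInfo: "...", showPrivileges: true}).roles[i].

// True when mongod runs with --auth / security.authorization: enabled
// (assumed field layout). A keyFile also implies authorization.
function authorizationEnforced(cmdLineOpts) {
  const sec = (cmdLineOpts.parsed || {}).security || {};
  return sec.authorization === "enabled" || Boolean(sec.keyFile);
}

// Does one role grant `action` on db.coll? An empty string in a resource is a
// wildcard. Simplification: cluster/anyResource privileges and the
// system-collection exclusion are ignored.
function roleGrants(role, db, coll, action) {
  const privs = [...(role.privileges || []), ...(role.inheritedPrivileges || [])];
  return privs.some(({ resource: r = {}, actions = [] }) =>
    typeof r.db === "string" && typeof r.collection === "string" &&
    (r.db === "" || r.db === db) &&
    (r.collection === "" || r.collection === coll) &&
    actions.includes(action));
}

function canPerform(cmdLineOpts, roles, db, coll, action) {
  if (!authorizationEnforced(cmdLineOpts)) {
    return { allowed: true, reason: "authorization disabled, roles are not checked" };
  }
  const hit = roles.find((role) => roleGrants(role, db, coll, action));
  return hit
    ? { allowed: true, reason: `granted by role ${hit.role}` }
    : { allowed: false, reason: "no assigned role grants this action" };
}

// Constructed sample: the role from the question (read actions abbreviated).
const sampleRoles = [{
  role: "readWriteNoDelete", db: "permitmanager",
  privileges: [{ resource: { db: "permitmanager", collection: "" }, actions: ["insert", "update"] }],
  inheritedPrivileges: [{ resource: { db: "permitmanager", collection: "" }, actions: ["find", "listCollections"] }],
}];
const noAuth = { parsed: { net: { port: 27017 } } };
const withAuth = { parsed: { net: { port: 27017 }, security: { authorization: "enabled" } } };

for (const [label, opts] of [["no --auth", noAuth], ["--auth", withAuth]]) {
  for (const action of ["insert", "remove"]) {
    console.log(label, action, canPerform(opts, sampleRoles, "permitmanager", "leads", action));
  }
}
```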