For our first scenario, let's say that management appoints an admin to run financial reports on the biglittle database. However, the database server also hosts another database to which this admin should not have rights. Here is an example of how the rights might be assigned:
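// Read-only account scoped to the biglittle database
bgReader = {
    user : "bgReader",
    pwd : "password",   // placeholder value; set a strong, unique password
    // The built-in "read" role, granted on biglittle only
    roles : [ { role:"read", db:"biglittle" } ],
    // Accept SCRAM-SHA-256 only for this user
    mechanisms: [ "SCRAM-SHA-256" ]
}
// Create the user in the current database
db.createUser(bgReader);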
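One way to confirm that an assignment like the one above stays within its intended scope is to audit the user document the server reports (the `roles` and `mechanisms` fields returned by `db.getUser()`). The following is an added example, not code from the original text: the `auditUser` helper, the sample documents and the `otherdb` database name are constructed for illustration.

```javascript
// Added example: audit a user document (roles/mechanisms as reported by
// db.getUser()) against the intended scope: read-only on one database.
// Built-in roles that reach every database on the server (for clearer messages).
const SERVER_WIDE_ROLES = new Set([
  "readAnyDatabase", "readWriteAnyDatabase", "userAdminAnyDatabase",
  "dbAdminAnyDatabase", "root",
]);

// Returns a list of findings; an empty list means the account is in scope.
function auditUser(userDoc, allowedDb, allowedMechanisms = ["SCRAM-SHA-256"]) {
  const findings = [];
  for (const { role, db } of userDoc.roles || []) {
    if (SERVER_WIDE_ROLES.has(role)) {
      findings.push(`role ${role} reaches every database`);
    } else if (db !== allowedDb) {
      findings.push(`role ${role} granted on out-of-scope database ${db}`);
    } else if (role !== "read") {
      // Anything other than the built-in read role needs manual review.
      findings.push(`role ${role} on ${db} is not the built-in read role`);
    }
  }
  for (const mech of userDoc.mechanisms || []) {
    if (!allowedMechanisms.includes(mech)) {
      findings.push(`unexpected authentication mechanism ${mech}`);
    }
  }
  return findings;
}

// Constructed sample: the user from the text, as the server would report it.
const bgReaderDoc = {
  user: "bgReader",
  roles: [{ role: "read", db: "biglittle" }],
  mechanisms: ["SCRAM-SHA-256"],
};
// Constructed sample: the same account after privilege drift.
// "otherdb" is a hypothetical name for the second database on the server.
const driftedDoc = {
  user: "bgReader",
  roles: [{ role: "readWrite", db: "biglittle" }, { role: "read", db: "otherdb" }],
  mechanisms: ["SCRAM-SHA-1", "SCRAM-SHA-256"],
};

console.log(auditUser(bgReaderDoc, "biglittle"));
console.log(auditUser(driftedDoc, "biglittle"));
```

The function is plain JavaScript, so it can also be pasted into the shell and called on a live user document.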
This user can now authenticate to the server using the mongo shell, specifying the -u and -p parameters. In addition, the user needs to identify the authentication source using the --authenticationDatabase parameter. As you can see from the screenshot shown here, the new user, bgReader, can access the biglittle database and issue the findOne() command:
However, if the same user attempts to insert something into the database, the operation fails and...