Role programmatic restricted view
MongoDB provides robust RBAC solutions, allowing administrators to specify user access to resources declaratively. However, there are instances when you need to programmatically apply detailed logic to limit data access based on roles. In this example, you will explore how to regulate data access using programmatic RBAC within an aggregation pipeline.
Note
This example requires MongoDB version 7.0 or above. This is because you'll be using the USER_ROLES system variable introduced in version 7.0.
Scenario
At a medical establishment, the central IT system holds patient data that you need to share with different applications (and their users) according to the application's user role: receptionist, nurse, or doctor. Consequently, you will provide a read-only view of patient data, but the view will filter out specific sensitive fields depending on the application user's role. For example, the receptionist's application should...
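The following sketch is an added example, not code from the original page: it builds a view pipeline that consults `$$USER_ROLES` and drops sensitive fields for callers who lack the required role. The role names as stored (`Receptionist`, `Nurse`, `Doctor`), the field names, the field-to-role mapping and the sample record are assumptions, and `evalExpr`/`viewAs` are a local stand-in for the server so the result can be checked without a database.

```javascript
// Added example: role names, field names and the sample record are constructed.
// $$USER_ROLES (MongoDB 7.0+) holds the authenticated user's roles as an array
// of documents, so "$$USER_ROLES.role" yields the array of role names.

// True when the caller holds at least one of the allowed roles.
const hasAnyRole = (allowed) => ({
  $gt: [{ $size: { $setIntersection: ["$$USER_ROLES.role", allowed] } }, 0],
});
// Keep a field only for the allowed roles; $$REMOVE drops it from the output.
const onlyFor = (field, allowed) => ({
  $cond: [hasAnyRole(allowed), `$${field}`, "$$REMOVE"],
});

// Pipeline for the read-only view. In mongosh (hypothetical names):
//   db.createView("patients_view", "patients", restrictedViewPipeline())
function restrictedViewPipeline() {
  return [
    { $set: {
        weight: onlyFor("weight", ["Nurse", "Doctor"]),
        medication: onlyFor("medication", ["Doctor"]),
    } },
  ];
}

// Local stand-in for the server, covering only the operators used above,
// so the effect of each role can be checked without a database.
function evalExpr(e, doc, roles) {
  if (e === "$$REMOVE") return undefined;
  if (e === "$$USER_ROLES.role") return roles;
  if (typeof e === "string" && e.startsWith("$")) return doc[e.slice(1)];
  if (Array.isArray(e)) return e.map((x) => evalExpr(x, doc, roles));
  if (e === null || typeof e !== "object") return e;
  const [op, arg] = Object.entries(e)[0];
  const a = evalExpr(arg, doc, roles);
  if (op === "$setIntersection") return a[0].filter((x) => a[1].includes(x));
  if (op === "$size") return a.length;
  if (op === "$gt") return a[0] > a[1];
  return a[0] ? a[1] : a[2]; // $cond
}

// What a caller holding `roles` would read for `doc` through the view.
function viewAs(doc, roles) {
  const out = { ...doc };
  for (const stage of restrictedViewPipeline())
    for (const [k, e] of Object.entries(stage.$set)) {
      const v = evalExpr(e, doc, roles);
      if (v === undefined) delete out[k]; else out[k] = v;
    }
  return out;
}

const samplePatient = { _id: 1, first_name: "Ana", weight: 64, medication: ["constructed-drug"] };
```

Because every sensitive field is tied to an explicit allow-list, a caller holding none of the listed roles receives only the non-sensitive fields.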