Reputation: 547
Is there any way to password protect mongodb remove command.
One of my junior did the remove of collection by mistake on production environment. So I want to restrict everyone from using remove command.
Upvotes: 0
Views: 249
Reputation: 4843
You would need to create custom roles that allow said users only a subset of commands on the database.
For the role to apply to all databases you need to create it on the admin db. Otherwise it is specific for the db it is created on.
For example you could create the following role to allow read/write to documents, but only read to collections and dbs.
use admin
db.runCommand({ createRole: "juniorUser",
privileges: [{
resource: { db: "", collection: "" },
actions: [ "find", "update", "insert", "remove", "createCollection", ]
}],
roles: [
role: "read"
]
})
This creates a new role that inherits from the basic read role and also adds the five privileges. You can find a list of all privileges available here.
Upvotes: 3