Creating a read-only user

Ops and Admin
#1

I want to create a read-only user in mongo 5.0.3.
I tried with the readAnyDatabase role, or with the read role on each of the databases,
In both cases, the user is created, is able to log in and read the data,
BUT also able to insert and delete documents.
What user or server configuration can cause that?

use admin
db.getUsers()
...
        {
                "_id" : "admin.userreader",
                "userId" : UUID("3d9ae333-5bab-340b-85c1-fa2de5226685"),
                "user" : "userreader",
                "db" : "admin",
                "roles" : [
                        {
                                "role" : "readAnyDatabase",
                                "db" : "admin"
                        }
                ],
                "mechanisms" : [
                        "SCRAM-SHA-1",
                        "SCRAM-SHA-256"
                ]
        },
...
#2

Hi @Leiberman_Yuval,
I have a slightly newer version than yours did and i did quick test to check, but everything seems to be working fine:

[direct: mongos] admin> db.createUser({user:"readOnly",pwd:"test",roles:[{role:"readAnyDatabase",db:"admin"}]})
{
  ok: 1,
  '$clusterTime': {
    clusterTime: Timestamp({ t: 1679257081, i: 2 }),
    signature: {
      hash: Binary(Buffer.from("878756225d60b31ee03ef06a2139d811883bb0e5", "hex"), 0),
      keyId: Long("7206364152367939607")
    }
  },
  operationTime: Timestamp({ t: 1679257081, i: 2 })
}


[root@mongos ~]# mongosh -host ip_addr:port -authenticationDatabase admin -u readOnly -p test 
Current Mongosh Log ID: 64176e181782364e658fc610
Connecting to:          mongodb://<credentials>@ip_addr:port/?directConnection=true&authSource=admin&tls=true&tlsCertificateKeyFile=%2Fetc%2Fsecurity%2Fmongodb%2F....&tlsCAFile=%2Fetc%2Fsecurity%2Fmongodb%2F...&appName=mongosh+1.8.0
Using MongoDB:          5.0.15
Using Mongosh:          1.8.0

For mongosh info see: https://docs.mongodb.com/mongodb-shell/

[direct: mongos] test> show collections
collection_test
[direct: mongos] test> db.collection_test.insertOne({test:false})
MongoServerError: not authorized on test to execute command { insert: "collection_test", documents: [ { test: false, _id: ObjectId('64176e39e972edeb1e236958') } ], ordered: true, lsid: { id: UUID("41a15864-77fe-448f-97d2-2371ef78fb06") }, txnNumber: 1, $clusterTime: { clusterTime: Timestamp(1679257135, 2), signature: { hash: BinData(0, 863AAD840F5AF9BC7804B3619DBD98698BB7F6D5), keyId: 7206364152367939607 } }, $db: "test" }

[direct: mongos] test> db.collection_test.find().pretty()
[
  {
    _id: ObjectId("641383e8f2bb42d739875bac"),
    nome: 'test',
    cognome: 'test'
  }
]

maybe you didn’t authenticate with the correct username.

Best Regards