How do I create a user tied to a specific database?

Hi, I’ve created a Custom Role to limit access to a specific database, but the new User modal is forcing me to also choose a Built-in Role, which would either grant too many or too few privileges, or does it do something else? The documentation is confusing.

So, I’ve gone and created a user for unit testing with the “Only read any database” as the Built-in Role, going with the least privilege principle, and in the Custom Role, I’ve tied it to a specific database.

However, I’ve found two problems when using the connection path:

  1. MongoDB Compass gives me access to all of the databases, including production;
  2. it’s honouring the read and not write in the application, which is useless for unit testing.

Is it possible to create a user that is restricted to a specific database, and that retains those restrictions regardless of where it’s used?

Hi, sorry, I misinterpreted your question. You do not have to select a built-in role. You can just click the trash icon to hide that selector and then select a custom role. Alternatively, it would appear that clicking outside of the modal will automatically unpopulate that selection.

I do agree it is a touch confusing so I will pass this feedback along to that team.

Let me know if this works for you?

Hi @Tyler_Kaye, I sort of stumbled upon what you’re recommending.


I’ve trimmed the Actions down for the Custom Role, but I’m still seeing problems when testing…


Since swapping the connection around, the unit tests have stalled.

Hi, without more information about what test is failing, it would be difficult for me to offer any suggestions here. However, it is probably the case that the tests are just trying to do something that you are not allowing them to do.

As a side note, is there a reason you need to be using these custom roles for your testing? I am assuming you are running tests against a test cluster and not directly against your production cluster?

I plan on creating a Role per User, restricting each to: Development; Testing; Staging; and Production.

The unit testing was working prior to me making changes to this Role and User.
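
An added example, not part of the thread and not MongoDB's own code: a check that a user's effective privileges stay inside one database and still allow the writes the unit tests need, run over the `resource`/`actions` privilege documents MongoDB reports for a user when `showPrivileges` is set. The database name `unit_test`, the helper names and both sample privilege lists are constructed for illustration.

```javascript
// Constructed sample: built-in "read any database" plus a custom role on unit_test.
const mixedUser = [
  { resource: { db: "", collection: "" }, actions: ["find", "listCollections"] },
  { resource: { cluster: true }, actions: ["listDatabases"] },
  { resource: { db: "unit_test", collection: "" }, actions: ["find"] },
];
// Constructed sample: custom role only, with the write actions the tests need.
const scopedUser = [
  { resource: { db: "unit_test", collection: "" },
    actions: ["find", "insert", "update", "remove"] },
];

// Flag every privilege that reaches beyond allowedDb (hypothetical helper).
function findOutOfScopePrivileges(privileges, allowedDb) {
  const findings = [];
  for (const { resource = {}, actions = [] } of privileges) {
    let reason = null;
    if (resource.anyResource) reason = "anyResource";
    else if (resource.cluster) reason = "cluster-wide";
    else if (resource.db === "") reason = "any database"; // empty db = wildcard
    else if (resource.db !== allowedDb) reason = `other database: ${resource.db}`;
    if (reason) findings.push({ reason, actions });
  }
  return findings;
}

// Writes are possible when a matching (or wildcard) resource carries a write action.
const WRITE_ACTIONS = new Set(["insert", "update", "remove"]);
function canWrite(privileges, db) {
  return privileges.some(({ resource = {}, actions = [] }) =>
    (resource.anyResource || resource.db === db || resource.db === "") &&
    actions.some((a) => WRITE_ACTIONS.has(a)));
}

for (const [name, privs] of [["mixedUser", mixedUser], ["scopedUser", scopedUser]]) {
  console.log(name, {
    outOfScope: findOutOfScopePrivileges(privs, "unit_test").map((f) => f.reason),
    canWrite: canWrite(privs, "unit_test"),
  });
}
```

The first sample reproduces both symptoms from the original question: other databases are visible and writes are refused. The second passes both checks.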