If a user is created with an empty array of roles are given what can the user do?

Hi All,
We are looking at MongoDB for our NoSQL db and need an answer on what the default permission are for a user e.g., if a user is created and no roles are provided.

Hopefully the answer is nothing (including query and writing any data), but this article implies a user (without any roles) will be able to read all of the data in the db that the user was created

Hi @Michael_Byrd1,

Welcome to the MongoDB Community Forums :sparkles:

There is no default permission if you do not enter any value within the roles:[] and if you try to execute the command after being authorized as that particular user, it will throw an error:

> show collections
MongoServerError: not authorized on test to execute command 
{ listCollections: 1, filter: {}, cursor: {}, nameOnly: true, authorizedCollections: false, 
lsid: { id: UUID("...") }, $db: "test", $readPreference: { mode: "primaryPreferred" } }

Sorry, but I couldn’t find this statement in the official docs. Please share the screenshot if you read it somewhere in our documentation.



This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.