Role-Based Access to PII Data in a Collection

Problem Statement:
I need to restrict access to PII data in a collection based on user roles. Specifically, I have two types of users:

  • Admin – Can view all data, including PII fields.
  • Restricted User – Should not be able to see PII fields.

Questions:

  • How can I configure access so that certain users cannot see PII fields?
  • Is it possible to enforce this via a connection string?
  • What are the best practices for implementing this in a MongoDB/PostgreSQL/MySQL setup?

Are you using Atlas? Or is this a self-hosted community edition of MongoDB? To my knowledge, field-level restrictions cannot be accomplished with a connection string. You can use the Atlas UI (assuming you’re on Atlas) to create some custom roles…

  • Custom Roles in Atlas UI

    • Create a role for Admins with full find access.
    • Create a role for Restricted Users with field-level restrictions (ssn: 0, phone: 0).
    • Assign roles via Database Access in Atlas.
    • Docs: MongoDB Atlas Custom Roles
  • Views for Restricted Users (Optional for Extra Security)

    • Create a MongoDB View hiding PII fields and grant access only to that view.
    • Docs: MongoDB Views

Let us know if you’re not using Atlas and we can work on CLI commands to create the roles.
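
The view approach from the reply above, as an added example that is not part of the thread: it builds the `create` (view) and `createRole` commands, checks that the role cannot run `find` on the source collection, and applies both commands when run in mongosh on a deployment where you are allowed to run `createRole`. The names `appdb`, `customers`, `customers_nopii` and `restrictedReader` are assumptions; `ssn` and `phone` are the fields named in the reply.

```javascript
// Added example: appdb, customers, customers_nopii and restrictedReader
// are assumed names; ssn and phone come from the thread.
const PII_FIELDS = ["ssn", "phone"];

// Command that creates a read-only view with the PII fields projected out.
function viewCommand(source, view, piiFields) {
  if (piiFields.length === 0) throw new Error("no PII fields given");
  const exclude = Object.fromEntries(piiFields.map((f) => [f, 0]));
  return { create: view, viewOn: source, pipeline: [{ $project: exclude }] };
}

// Command that creates a role whose only privilege is find on the view.
function roleCommand(dbName, view, roleName) {
  return {
    createRole: roleName,
    privileges: [{ resource: { db: dbName, collection: view }, actions: ["find"] }],
    roles: [],
  };
}

// True if any privilege lets the holder run find on dbName.coll.
// In a resource document an empty string is a wildcard for db or collection.
function canFind(privileges, dbName, coll) {
  return privileges.some(({ resource: r, actions }) => {
    if (!actions.includes("find")) return false;
    if (r.anyResource) return true;
    if (r.db === undefined || r.collection === undefined) return false; // e.g. { cluster: true }
    return (r.db === "" || r.db === dbName) && (r.collection === "" || r.collection === coll);
  });
}

const view = viewCommand("customers", "customers_nopii", PII_FIELDS);
const role = roleCommand("appdb", "customers_nopii", "restrictedReader");
if (canFind(role.privileges, "appdb", "customers")) {
  throw new Error("role can read the source collection, PII is exposed");
}

// In mongosh (where `db` is defined) apply both commands; under Node this is skipped.
if (typeof db !== "undefined") {
  const target = db.getSiblingDB("appdb");
  printjson(target.runCommand(view));
  printjson(target.runCommand(role));
}
```

To audit a role that already exists, pass the `privileges` and `inheritedPrivileges` arrays returned by `db.getRole(name, { showPrivileges: true })` to `canFind`, since a role with an empty-string collection resource or an inherited `read` role still reaches the source collection.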