Setting User Permissions by Custom Role

I have a cluster with 3 databases, Development, Staging & Production. I’m trying to create a database user with read/write permissions on Development & Staging, but only read permissions on Production.

I’ve successfully limited the user’s access to the cluster using the Restrict Access to Specific Cluster/Data Lake option in the Edit Database User options in atlas, but I’m having issues with setting specific permissions to databases within the cluster.

I’m trying to do this using custom roles. I’ve created a custom role for the user with all collectionActions enabled in Development & Staging, and only find (within collectionActions) enabled in Production.

When I try to open the collection list in the Development database, it fails with this error message:

ListCollections failed. 
errmsg: "not authorized on Development to execute command

I’m using Robo3T as my GUI, when I try to do the same in Compass no collections are listed under Development.

Hi @Greg_Fitzpatrick-Bel ,

the “listCollection” permission is under the “Database Actions and Roles” and not under “Collection Actions”:

This explains why the development returned that error.

Use the search tool when looking for specific permissions.

Ty
Pavel

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.