Collection-Level Access Control
Collection-level access control allows administrators to grant users privileges that are scoped to specific collections.
Administrators can implement collection-level access control through user-defined roles. By creating a role with privileges that are scoped to a specific collection in a particular database, administrators can provision users with roles that grant privileges on a collection level.
Privileges and Scope
A privilege consists of actions and the resources upon which the actions are permissible; i.e. the resources define the scope of the actions for that privilege.
By specifying both the database and the collection in the resource document for a privilege, administrators can limit the privilege actions to a specific collection in a specific database. Each privilege action in a role can be scoped to a different collection.
For example, a user-defined role can contain the following privileges:
```javascript
privileges: [
  { resource: { db: "products", collection: "inventory" }, actions: [ "find", "update", "insert" ] },
  { resource: { db: "products", collection: "orders" }, actions: [ "find" ] }
]
```
The first privilege scopes its actions to the `inventory` collection of the `products` database. The second privilege scopes its actions to the `orders` collection of the `products` database.
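The following is an added example, not part of the MongoDB manual: it wraps the privileges above in a role document of the shape `db.createRole()` accepts, then audits role documents for privileges that are not pinned to a single collection. The role names and the `tooBroad` document are hypothetical, and the check looks only at a role's own privileges, not at anything inherited through `roles`.

```javascript
// Role document in the shape db.createRole() accepts in mongosh.
// "inventoryClerk" is a hypothetical role name; privileges are the page's.
const role = {
  role: "inventoryClerk",
  privileges: [
    { resource: { db: "products", collection: "inventory" },
      actions: ["find", "update", "insert"] },
    { resource: { db: "products", collection: "orders" }, actions: ["find"] },
  ],
  roles: [], // no inherited roles: the list above is the entire grant
};

// Constructed counter-example: an empty collection string widens the grant.
const tooBroad = {
  role: "productsReader",
  privileges: [{ resource: { db: "products", collection: "" }, actions: ["find"] }],
  roles: [],
};

// Classify how widely a privilege's resource document applies.
function scopeOf(resource) {
  if (resource.anyResource) return "any-resource";
  if (resource.cluster) return "cluster";
  const { db = "", collection = "" } = resource;
  if (db !== "" && collection !== "") return "collection";
  if (db !== "") return "database";
  if (collection !== "") return "collection-in-all-dbs";
  return "all-databases";
}

// Privileges that are not pinned to one collection in one database.
function broadPrivileges(roleDoc) {
  return roleDoc.privileges
    .map((p) => ({ scope: scopeOf(p.resource), ...p }))
    .filter((p) => p.scope !== "collection");
}

// Would the role's own privileges allow `action` on db.collection?
// Simplified model: "" acts as a wildcard that skips system.* collections.
function permits(roleDoc, db, collection, action) {
  return roleDoc.privileges.some(({ resource: r, actions }) => {
    if (!actions.includes(action)) return false;
    if (r.anyResource) return true;
    if (r.cluster) return false;
    const dbOk = r.db === "" || r.db === db;
    const collOk = r.collection === collection ||
      (r.collection === "" && !collection.startsWith("system."));
    return dbOk && collOk;
  });
}
```

The definitions run as-is in Node.js; in mongosh, the `role` document can be passed to `db.createRole()` on the database that should own the role.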
Additional Information
For more information on user-defined roles and the MongoDB authorization model, see Role-Based Access Control. For a tutorial on creating user-defined roles, see Manage Users and Roles.