创建了一个MongoDB用户,该用户具有对集合的readWrite访问权限.但我不想给该用户提供dropCollection访问权限.我该如何实现呢.

谢谢.

最佳答案 您可以
define your custom role为您的目的.

您还可以通过继承自定义角色的admin.system.roles.roles字段来扩展现有角色.

这是一个示例自定义角色

{
  role: "YourRole",
  db: "YourDatabase",
  privileges:
      [
          {
              resource: {db: "YourDatabase", collection: "OneOfCollections"},
              actions: ["find", "insert", "update", "remove", "createIndex" ...]
          },
          {
              resource: {db: "YourDatabase", collection: "AnotherCollection"},
              actions: ["find", "insert", "update", "remove", "createIndex" ...]
          },
          .
          .
          .
      ],
  roles:
      [
          { role: "RoleYouWantToInherit", db: "TheDatabaseRoleIsDefinedFor" },
          ...
      ]
}