Collection-Level Access Control
Collection-level access control allows administrators to grant users privileges that are scoped to specific collections.
Administrators can implement collection-level access control through user-defined roles. By creating a role with privileges that are scoped to a specific collection in a particular database, administrators can provision users with roles that grant privileges on a collection level.
By specifying both the database and the collection in the resource document for a privilege, administrators can limit the privilege actions to a specific collection in a specific database. Each privilege in a role can be scoped to a different collection.
For example, a user-defined role can contain the following privileges:
The first privilege scopes its actions to the inventory collection of the products database. The second privilege scopes its actions to the orders collection of the
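A role document with two collection-scoped privileges, and a check that none of its privileges reaches beyond a single collection before the role is created. This is an added example, not code from the original page. The role name inventoryClerk, the actions, and placing orders in the products database are assumptions.

```javascript
// Added example. The role name, the actions, and placing "orders" in the
// "products" database are assumptions made for illustration.
const role = {
  role: "inventoryClerk", // hypothetical role name
  privileges: [
    { resource: { db: "products", collection: "inventory" },
      actions: ["find", "update", "insert"] }, // assumed actions
    { resource: { db: "products", collection: "orders" },
      actions: ["find"] }                      // assumed actions and database
  ],
  roles: [] // inherits nothing, so the privileges above are the whole grant
};

// True when the resource names exactly one collection in one database.
// An empty string for db or collection is a wildcard in a resource document.
function isCollectionScoped(resource) {
  return typeof resource.db === "string" && resource.db !== "" &&
         typeof resource.collection === "string" && resource.collection !== "";
}

// Privileges that reach beyond a single collection (wildcards, cluster, anyResource).
function broadPrivileges(roleDoc) {
  return roleDoc.privileges.filter(p => !isCollectionScoped(p.resource));
}

// Simplified model of resource matching for collection resources only.
function resourceCovers(resource, dbName, collName) {
  if (resource.anyResource === true) return true;
  if (typeof resource.db !== "string" || typeof resource.collection !== "string") return false;
  return (resource.db === "" || resource.db === dbName) &&
         (resource.collection === "" || resource.collection === collName);
}

function isAllowed(roleDoc, dbName, collName, action) {
  return roleDoc.privileges.some(p =>
    resourceCovers(p.resource, dbName, collName) && p.actions.includes(action));
}

// In mongosh the global `db` exists; under plain Node.js this step is skipped.
// The role is created only if every privilege is collection-scoped.
if (typeof db !== "undefined" && broadPrivileges(role).length === 0) {
  db.getSiblingDB("products").createRole(role);
}
```

Running broadPrivileges over the output of existing role definitions is a quick way to find grants where an empty db or collection string has widened a role past collection level.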