javascript - How to give different privileges for user and admin in MongoDB
I'm creating an application using Sails and MongoDB. I need 3 levels of user.
- super admin
- admin
- user
I want to give different privileges to each of the users:
- Super admin can access the whole DB.
- Admin can access the data related to their field.
- User can access the data related to the user.
So how do I use a different schema for different types of user, and restrict one user from accessing other resources?
> I want to give different privileges to each of the users:
> - Super admin can access the whole DB.
> - Admin can access the data related to their field.
> - User can access the data related to the user.

What you need is document-level access control, where a user can access a document based on the value in a particular field. Unfortunately, as of version 3.0, there is not yet a built-in way to provide access control at the document/field level. Mongo's ACLs go to the collection level only.

> ...So how do I use a different schema for different types of user, and restrict one user from accessing other resources?

Because of the reasons mentioned above, this is impossible at the database level alone if by 'resource' you mean 'document'. However, you can still manage to achieve similar functionality at the application level (Sails.js). At the database level, the best you can do is move the users' documents to different collections. You may use the createRole() method to create a role and specify its privileges.
For superadmins:

    // Empty collection name = every collection in mycustomdb
    db.createRole({
      role: "superadmin",
      privileges: [
        { resource: { db: "mycustomdb", collection: "" },
          actions: [ "find", "update", "insert", "remove" ] }
      ],
      roles: []
    })

Superadmins have access to all collections in the mycustomdb database and can perform find, update, insert and remove actions.

For admins:

    db.createRole({
      role: "admin",
      privileges: [
        // Full CRUD on the admins' own collection
        { resource: { db: "mycustomdb", collection: "admincollection" },
          actions: [ "find", "update", "insert", "remove" ] },
        // Read-only on every other collection in the database
        { resource: { db: "mycustomdb", collection: "" },
          actions: [ "find" ] }
      ],
      roles: []
    })

Admins can access documents in their own collection and perform CRUD operations. However, they have read-only access to any other collection in the database.

For users:

    // CRUD on the users' collection only
    db.createRole({
      role: "user",
      privileges: [
        { resource: { db: "mycustomdb", collection: "usercollection" },
          actions: [ "find", "update", "insert", "remove" ] }
      ],
      roles: []
    })

Note: If you are using version 2.4 (or below), you need to move the users' collections to different databases. MongoDB 2.4 (and below) ACLs go to the database level only.
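An added example, not part of the original answer, of the application-level check the answer points to: every query is combined with a mandatory per-role filter before it reaches MongoDB. The field names `owner` and `field`, the shape of the session `user` object and all function names are assumptions made for illustration.

```javascript
// Added example: application-level document scoping (hypothetical names).
// Assumes each document carries `owner` (a user id) and `field` (an admin's area).

// Mandatory filter for a session user; anything unrecognised is denied.
function scopeFor(user) {
  if (!user || typeof user.id !== 'string') throw new Error('unauthenticated');
  switch (user.role) {
    case 'superadmin':
      return {};                               // whole database
    case 'admin':
      if (typeof user.field !== 'string') throw new Error('admin without field');
      return { field: user.field };            // data related to their field
    case 'user':
      return { owner: user.id };               // data related to the user
    default:
      throw new Error('unknown role');
  }
}

// Combine caller-supplied criteria with the scope using MongoDB's $and, so a
// request parameter such as { owner: 'u2' } can narrow the scope but not widen it.
function scopedCriteria(user, criteria) {
  return { $and: [scopeFor(user), criteria || {}] };
}

// Minimal equality matcher standing in for the database, for the demo only.
function matches(doc, q) {
  return Object.keys(q).every(k =>
    k === '$and' ? q.$and.every(sub => matches(doc, sub)) : doc[k] === q[k]);
}

// Ids of the documents a user would get back for the given criteria.
function visible(user, docs, criteria) {
  const q = scopedCriteria(user, criteria);
  return docs.filter(d => matches(d, q)).map(d => d._id);
}

// Constructed sample data.
const DOCS = [
  { _id: 1, owner: 'u1', field: 'sales' },
  { _id: 2, owner: 'u2', field: 'sales' },
  { _id: 3, owner: 'u3', field: 'hr' },
];
```

The object returned by `scopedCriteria` is in MongoDB query syntax; the role and id must come from the server-side session, never from request parameters.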