MongoDB Privileges

Hi all,

As part of our auditing due diligence, I need to ensure the Meteor connection has write-only access to a specific MongoDB collection.

I was hoping I could assign Meteor a user account(/role) with restricted privileges in MongoDB - however I can’t find anywhere in the Meteor documentation that lists the required grants. (Is everyone simply using an admin account/role?!)

Our fallback, would be to isolate Meteor to it’s own MongoDB, however this isn’t ideal.

Can someone point me to where the required privileges/grants are documented?

Kind regards,

1 Like

I don’t think Meteor has this feature built-in. There is no admin account.
You can create your own by control your methods on the server.
Meteor works beautifully with remote MongoDB database.

Hi @minhna,

Thanks for the response. Not sure you understand my question (or I don’t understand your response), so I’ll reword my question:

What MongoDB privileges does Meteor require?

Kind regards,

As I understand, Meteor use the same mongodb connection for the whole app, unless you create your own connection.
You can use/set any privileges which fit your app requirements. Meteor core even does not any mongodb connection.