As part of our auditing due diligence, I need to ensure the Meteor connection has write-only access to a specific MongoDB collection.
I was hoping I could assign Meteor a user account(/role) with restricted privileges in MongoDB - however I can’t find anywhere in the Meteor documentation that lists the required grants. (Is everyone simply using an admin account/role?!)
Our fallback, would be to isolate Meteor to it’s own MongoDB, however this isn’t ideal.
Can someone point me to where the required privileges/grants are documented?
I don’t think Meteor has this feature built-in. There is no admin account.
You can create your own by control your methods on the server.
Meteor works beautifully with remote MongoDB database.
As I understand, Meteor use the same mongodb connection for the whole app, unless you create your own connection.
You can use/set any privileges which fit your app requirements. Meteor core even does not any mongodb connection.