Given a MongoDB collection system.users that stores user roles, which query returns all users who have the readWrite role on the sales database?
db.system.users.find({ roles: { $elemMatch: { role: 'readWrite', db: 'sales' } } })Use $elemMatch to match both role and db in the same array element.
The $elemMatch operator matches array elements that satisfy all specified conditions together. Option A correctly finds users with a role of 'readWrite' on the 'sales' database.
Which statement best describes how role inheritance works in MongoDB's role-based access control?
Think about how MongoDB allows roles to build on each other.
MongoDB supports role inheritance, where a role can include privileges from other roles. This helps simplify privilege management.
Which option contains a syntax error when creating a custom role with privileges on the inventory collection?
db.createRole({ role: 'inventoryManager', privileges: [ { resource: { db: 'store', collection: 'inventory' }, actions: ['find', 'update'] } ], roles: [] })Check the type of privileges field; it should be an array.
Option D assigns privileges as an object instead of an array, causing a syntax error. It must be an array of privilege documents.
A user was assigned the role readWrite on the reports database, but cannot insert documents into the reports collection. What is the most likely cause?
Remember that roles apply to specific databases in MongoDB.
Roles in MongoDB are scoped to a database. If the user was assigned readWrite on a different database, they won't have insert privileges on reports.
You have multiple users needing similar but slightly different privileges on the finance database. What is the best approach to minimize management overhead while ensuring correct access?
Think about how role inheritance can simplify privilege management.
Creating a base role with common privileges and extending it with inherited roles reduces duplication and makes management easier and less error-prone.