Grant the readWrite privilege to user app_admin, like below:
db.createUser({"user":"app_admin", "pwd":"itnihao", "roles": [{"role": "readWrite", "db":"app1"},{"role": "readWrite", "db":"app2"},{"role": "readWrite", "db":"app3"}]})
The question is: how can user app_admin discover the visible databases app1, app2, app3 without the listDatabases privilege?
I find that the MongoDB GUI tools Studio 3T and MongoDB Compass can do this.
After running tcpdump on Studio 3T, I found that usersInfo can do this.
> db.runCommand({"usersInfo": {"user": "app_admin", "db": "admin"}})
{
    "users" : [
        {
            "_id" : "admin.app_admin",
            "user" : "app_admin",
            "db" : "admin",
            "roles" : [
                {
                    "role" : "readWrite",
                    "db" : "app4"
                },
                {
                    "role" : "readWrite",
                    "db" : "app1"
                },
                {
                    "role" : "readWrite",
                    "db" : "app2"
                },
                {
                    "role" : "readWrite",
                    "db" : "app3"
                }
            ]
        }
    ],
    "ok" : 1
}
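An added example, not part of the original post: a helper that turns a usersInfo reply like the one above into the list of databases the user holds a role on, and flags built-in "AnyDatabase" grants that cannot be enumerated from role documents alone. The function name `visibleDatabases` and the sample reply are constructed for illustration; roles inherited through custom roles are not resolved.

```javascript
// Built-in roles that apply to every database when granted on "admin".
const ANY_DB_ROLES = new Set([
  "readAnyDatabase", "readWriteAnyDatabase",
  "userAdminAnyDatabase", "dbAdminAnyDatabase", "root",
]);

// Hypothetical helper: summarise a usersInfo reply for one user.
// Returns the databases named in per-database role grants, plus a flag
// telling whether any grant spans all databases.
function visibleDatabases(reply, userName) {
  if (!reply || reply.ok !== 1 || !Array.isArray(reply.users)) {
    throw new Error("usersInfo failed or returned an unexpected shape");
  }
  const user = reply.users.find((u) => u.user === userName);
  if (!user) return { databases: [], allDatabases: false };

  const dbs = new Set();
  let allDatabases = false;
  for (const { role, db } of user.roles || []) {
    if (db === "admin" && ANY_DB_ROLES.has(role)) {
      allDatabases = true; // names must come from elsewhere
    } else {
      dbs.add(db); // Set removes duplicates from multiple roles per db
    }
  }
  return { databases: [...dbs].sort(), allDatabases };
}

// Constructed sample with the same shape as the reply shown in the post.
const sampleReply = {
  users: [{
    _id: "admin.app_admin", user: "app_admin", db: "admin",
    roles: [
      { role: "readWrite", db: "app4" },
      { role: "readWrite", db: "app1" },
      { role: "readWrite", db: "app2" },
      { role: "readWrite", db: "app3" },
    ],
  }],
  ok: 1,
};

console.log(visibleDatabases(sampleReply, "app_admin"));
```

In the mongo shell the first argument would be the result of the `db.runCommand({"usersInfo": ...})` call shown above instead of `sampleReply`.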