Allow per-instance read-only databases in MongoDB
Hello MongoDB team,
I manage several isolated MongoDB instances for different environments (dev, preprod, prod). In some cases, I would like to make an entire database read-only to prevent accidental writes (e.g., for preproduction).
Currently, MongoDB only supports read-only at the instance level (with --readOnly or similar mechanisms), but there is no way to set a specific database as read-only.
Feature Request:
Add a supported way to start a single MongoDB instance in read-only mode, regardless of the databases it hosts.
Use case: allow devs/testers to read from preprod data without risking unwanted writes.
This would help improve safety in shared environments without adding the overhead of setting up complex permissions or firewall rules.
Thanks!
j
shared this idea
-
Rhys
commented
Hi @j, I'd recommend creating custom users for these devs/testers in your MongoDB instance if it's self managed: https://www.mongodb.com/docs/manual/reference/method/db.createUser/#mongodb-method-db.createUser
Or adding database users in Atlas if you're using Atlas: https://www.mongodb.com/docs/atlas/mongodb-users-roles-and-privileges/
While we can prevent users from doing some write actions in Compass, it's not a catch-all, and they would still have the ability to write if they extracted and used the connection string or changed their Compass configuration.