1

Problem Statement:
I need to restrict access to PII data in a collection based on user roles. Specifically, I have two types of users:

Admin – Can view all data, including PII fields.
Restricted User – Should not be able to see PII fields.
Questions:
How can I configure access so that certain users cannot see PII fields?
Is it possible to enforce this via a connection string?
What are the best practices for implementing this in a MongoDB/PostgreSQL/MySQL setup?

2

Are you using Atlas? Or, is this a self-hosted community edition of MongoDB? To my knowledge, field level restrictions cannot be accomplished with a connection string. You can use the Atlas UI (assuming you’re on atlas) to create some custom roles…

  • Custom Roles in Atlas UI

    • Create a role for Admins with full find access.
    • Create a role for Restricted Users with field-level restrictions (ssn: 0, phone: 0).
    • Assign roles via Database Access in Atlas.
    • :open_book: MongoDB Atlas Custom Roles

  • Views for Restricted Users (Optional for Extra Security)

    • Create a MongoDB View hiding PII fields and grant access only to that view.
    • :open_book: MongoDB Views

Let us know if you’re not using Atlas and we can work on cli commands to create the roles.