MongoDB must enforce approved authorizations for logical access to information and system resources in accordance with applicable access control policies.
Use createRole(), updateRole(), dropRole(), grantRole() statements to add and remove permissions on server-level securables, bringing them into line with the documented requirements.
MongoDB commands for role management can be found here:
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Access Control.This control applies to the following type of system MongoDB.