Strictly following the principle of least privilege means not assigning a role that encompasses more than one database. For practical reasons, however, the administrative cost involved in creating and maintaining a large number of least-privilege database users in every single database might be excessive. Another factor to consider is that the more database users you need to create, the greater the chance of making a mistake is. Mistakes could include assigning an incorrect mix of users, roles, and applications. This could not only result in applications not working but could also cause an application to have far greater rights than are merited. The greater security problem posed in such a situation might outweigh the benefit of strict adherence to the principle of least privilege.
There are two primary built-in roles that allow a database user to read and/or write to all databases: readAnyDatabase and readWriteAnyDatabase, described...