One of the golden security rules of web application development is the principle of least privilege. According to the United States Department of Homeland Security, Cyber Infrastructure Division, this principle is defined as follows:
"Only the minimum necessary rights should be assigned to a subject that requests access to a resource and should be in effect for the shortest duration necessary (remember to relinquish privileges). Granting permissions to a user beyond the scope of the necessary rights of an action can allow that user to obtain or change information in unwanted ways. Therefore, careful delegation of access rights can limit attackers from damaging a system."
– Taken from an article entitled Least Privilege as seen on the US-CERT website (https://www.us-cert.gov/bsi/articles/knowledge/principles/least-privilege).
In the context of a MongoDB database application, this means assigning a role to a database user...
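As an added illustration (not code from the original page), the following JavaScript sketch builds a `createUser` command scoped to a single database and audits user documents, shaped like the `users` array returned by MongoDB's `usersInfo` command, for roles broader than the application needs. The role names are MongoDB built-in roles; the function names, user names, and database names are hypothetical and the sample data is constructed.

```javascript
// Built-in MongoDB roles that reach across databases or grant full control.
const BROAD_ROLES = new Set([
  "root", "dbOwner", "clusterAdmin", "__system",
  "readAnyDatabase", "readWriteAnyDatabase",
  "userAdminAnyDatabase", "dbAdminAnyDatabase",
]);

// Build a createUser command document (for db.runCommand) that grants
// exactly one narrow role on exactly one database. Hypothetical helper.
function leastPrivilegeUser(user, pwd, appDb, role = "readWrite") {
  if (BROAD_ROLES.has(role)) {
    throw new Error(`role "${role}" is too broad for an application user`);
  }
  return { createUser: user, pwd, roles: [{ role, db: appDb }] };
}

// Flag every role grant that is either a broad built-in role or applies
// to a database other than the one the application is meant to use.
function auditUsers(users, appDb) {
  const findings = [];
  for (const u of users) {
    for (const r of u.roles) {
      if (BROAD_ROLES.has(r.role)) {
        findings.push({ user: u.user, role: r.role, db: r.db, reason: "broad built-in role" });
      } else if (r.db !== appDb) {
        findings.push({ user: u.user, role: r.role, db: r.db, reason: "role outside application database" });
      }
    }
  }
  return findings;
}

// Constructed sample in the shape of usersInfo output (not real data).
const sampleUsers = [
  { user: "shop_app", db: "shop", roles: [{ role: "readWrite", db: "shop" }] },
  { user: "legacy_app", db: "admin", roles: [{ role: "root", db: "admin" }] },
  { user: "report_job", db: "shop",
    roles: [{ role: "read", db: "shop" }, { role: "readWrite", db: "hr" }] },
];

console.log(auditUsers(sampleUsers, "shop"));
```
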