Hi, I would like to define a read only "analysis" user which allows us to browse our live mongodb (which have a dynamic set of databases) using a tool such as robomongo. This is an account where it absolutely must not be possible to accidentally delete any sort of data/modify server configuration; its just for readonly investigation.

Ideally, I would like users with "readAnyDatabase" to be able to also list all databases on the server. At the moment however, I have to add "clusterAdmin" to this user to allow this (verified in latest 2.4.10 source). Although I cannot accidentally delete documents, I can still happily drop databases entirely with a single command!

This obviously conflicts with other issues such as https://jira.mongodb.org/browse/SERVER-11063. So, I suggest a new role which provides access to read-only "cluster" commands such as "listDatabases", that I can use in addition to "readAnyDatabase".