The user should be able to define / create a global role that can be used in context of the users database. This would provide ability to create a globally shared role similar to built-in roles like readWrite, userAdmin etc.
- createRole "myReadWrite" (say under admin database) that specifies fine grained resource privileges without the database name (db = "").
- Ability to grant "myReadWrite" to a user under "testA" database, such that the myReadWrite privileges apply to the user in the context of the "testA" database only.
This would be analogous to how role management is done in most of the systems that provide this kind of control.