Resource document within Collection-Level Access Control currently supports the following.
1. Explicit values :
2. Empty strings that includes the entire scope :
Request is to have a pattern matching on either db or collection fileds, this way permissions can be granted based on the matching pattern rather then explicit literals.
3. regexp example