I want a user to be able to read and update, but not able to delete in any collection for MongoDB.
The command I used is:
db.createUser(
  {
    user: "user",
    pwd: "user",
    privileges: [
      { resource: { db: "icif_pattern", collection: "" },
        actions: [ "find", "createCollection", "dbStats", "collStats" ] },
    ],
    roles: []
  }
)
But it throws an error:
Error: couldn't add user: "privileges" is not a valid argument to createUser
I am following the information found in the following article:
Mongo user roles (MongoDB Docs)
As per MongoDB documentation here, collection-level access control allows administrators to grant users privileges that are scoped to specific collections.
Administrators can implement collection-level access control through user-defined roles. By creating a role with privileges that are scoped to a specific collection in a particular database, administrators can provision users with roles that grant privileges on a collection level.
Required Access
To create a role in a database, you must have:
- the createRole action on that database resource.
- the grantRole action on that database to specify privileges for the new role as well as to specify roles to inherit from.
Built-in roles userAdmin and userAdminAnyDatabase provide createRole and grantRole actions on their respective resources.
To create a role with authenticationRestrictions specified, you must have the setAuthenticationRestriction action on the database resource on which the role is created.
use admin
db.createRole(
  {
    role: "myClusterwideAdmin",
    privileges: [
      { resource: { cluster: true }, actions: [ "addShard" ] },
      { resource: { db: "config", collection: "" }, actions: [ "find", "update", "insert", "remove" ] },
      { resource: { db: "users", collection: "usersCollection" }, actions: [ "update", "insert", "remove" ] },
      { resource: { db: "", collection: "" }, actions: [ "find" ] }
    ],
    roles: [
      { role: "readWrite", db: "admin" }
    ]
  },
  { w: "majority", wtimeout: 5000 }
)
Roles
In the roles field, you can specify both built-in roles and user-defined roles.
{ role: "<role>", db: "<database>" }
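Putting the answer's point to work on the question's case, here is an added example (not code from the question, the answer, or the MongoDB docs) that builds the two commands the failing createUser call has to be split into: privileges live on a role created with createRole, and createUser only references that role. The role name readUpdateOnly, the user credentials and the DELETE_ACTIONS guard list are assumptions for illustration; the database name icif_pattern is the one from the question.

```javascript
// Added example: split the question's createUser call into a createRole
// command (carries the privileges) and a createUser command (carries only
// a role reference). Role name, user name and password are placeholders.

// Privilege actions that let a principal delete data or drop containers.
// A "read and update but not delete" role must not grant any of these;
// the guard below refuses to build such a role by mistake.
const DELETE_ACTIONS = ["remove", "dropCollection", "dropDatabase"];

// createRole command document: one privilege scoped to every collection
// of `dbName` (collection: "" means all collections in that database).
function buildCreateRoleCommand(roleName, dbName, actions) {
  const forbidden = actions.filter((a) => DELETE_ACTIONS.includes(a));
  if (forbidden.length > 0) {
    throw new Error(`role would grant delete-capable actions: ${forbidden.join(", ")}`);
  }
  return {
    createRole: roleName,
    privileges: [{ resource: { db: dbName, collection: "" }, actions: actions }],
    roles: [],
  };
}

// createUser command document: no `privileges` key here, which is exactly
// what the question's call got wrong; the user gets its rights via the role.
function buildCreateUserCommand(userName, password, roleName, dbName) {
  return {
    createUser: userName,
    pwd: password,
    roles: [{ role: roleName, db: dbName }],
  };
}

const roleCmd = buildCreateRoleCommand(
  "readUpdateOnly", "icif_pattern", ["find", "update", "collStats", "dbStats"]);
const userCmd = buildCreateUserCommand("user", "user", "readUpdateOnly", "icif_pattern");

// Inside mongosh the `db` global exists, so both commands can be applied to
// the database the role and user belong to; under Node this part is skipped.
if (typeof db !== "undefined") {
  const target = db.getSiblingDB("icif_pattern");
  printjson(target.runCommand(roleCmd));
  printjson(target.runCommand(userCmd));
}
```

Run it as a mongosh script while authenticated as a user holding userAdmin (or userAdminAnyDatabase), since createRole and grantRole are required as the answer states.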