Core Server / SERVER-43346

Allow for a granular permissions model for renameCollection

    • Type: Question
    • Resolution: Unresolved
    • Priority: Major - P3
    • None
    • Affects Version/s: None
    • Component/s: None
    • None
    • Server Security

      Currently, the privileges for collection renaming are validated only at the database level, and currently there is no way to have specific privileges only on the source and destination collections, in order to rename a specific source collection to a specific destination collection. This is because privileges don't give us a way to specify metadata about them. Privileges only possess a resource and a set of actionTypes. That means it's not possible to specify a "privilege" which applies to performing an action on a resource, in relation to another resource.

      Therefore, in order to rename a source collection to a target collection, it is not possible to grant the renameCollectionSameDB privilege-action only on the source and target collections. It has to be done at a DB level.

      This is a feature request to allow for a more granular permissions model for the renameCollection functionality.

            Assignee: backlog-server-security [DO NOT USE] Backlog - Security Team
            Reporter: harshad.dhavale@mongodb.com Harshad Dhavale
            Votes: 5
            Watchers: 7

              Created:
              Updated:
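
The limitation described in this ticket, as an added example (not code from the ticket or from the MongoDB server): a simplified JavaScript model of a privilege as a resource plus a set of actions, with the rename check made against the database resource only. The role names, the `shop` database, the collection names and the helper functions are constructed for illustration; the model covers only the `renameCollectionSameDB` check the ticket describes.

```javascript
// Simplified model (an assumption, not MongoDB server code) of the check the
// ticket describes: renameCollectionSameDB is looked up on the database
// resource only, i.e. { db: <name>, collection: "" }.

// Role documents in the shape db.createRole() accepts. All names are constructed.
const collectionScopedRole = {
  role: "renameOrdersOnly",
  privileges: [
    { resource: { db: "shop", collection: "orders_tmp" }, actions: ["renameCollectionSameDB"] },
    { resource: { db: "shop", collection: "orders" }, actions: ["renameCollectionSameDB"] },
  ],
  roles: [],
};

const databaseScopedRole = {
  role: "renameAnythingInShop",
  privileges: [
    { resource: { db: "shop", collection: "" }, actions: ["renameCollectionSameDB"] },
  ],
  roles: [],
};

// A privilege is only (resource, actions): nothing in it can express
// "source X may be renamed to target Y".
function hasActionOnDatabase(role, db, action) {
  return role.privileges.some(
    (p) => p.resource.db === db && p.resource.collection === "" && p.actions.includes(action)
  );
}

// Models authorization of a same-database rename. The source and target names
// are accepted but cannot influence the result, which is the ticket's point.
function mayRename(role, db, source, target) {
  return hasActionOnDatabase(role, db, "renameCollectionSameDB");
}

// Lists every source->target pair the role can rename among the given collections.
function allowedRenames(role, db, collections) {
  const pairs = [];
  for (const s of collections)
    for (const t of collections)
      if (s !== t && mayRename(role, db, s, t)) pairs.push(`${s}->${t}`);
  return pairs;
}
```

In this model the collection-scoped role authorizes no rename at all, while the database-scoped role authorizes every pair in `shop`, including collections the role's author never meant to cover.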