Configure Database Users¶
On this page
- Database User Authentication
- Add Database Users
- Open the Add New Database User dialog.
- Select Password.
- Enter user information.
- Assign user privileges.
- Optional: Specify the resources in the project that the user can access.
- Optional: Save as temporary user.
- Click Add User.
- Open the Add New Database User dialog.
- Select Certificate.
- Enter user information.
- Assign user privileges.
- Optional: Specify the resources in the project that the user can access.
- Click Add User.
- Open the Add New Database User dialog.
- Select AWS IAM.
- Enter user information.
- Assign user privileges.
- Optional: Specify the resources in the project that the user can access.
- Optional: Save as temporary user.
- Click Add User.
- AWS IAM Connection String Example
- Modify Database Users
- Delete Database Users
- Database User Privileges
Create database users to provide clients access to the database deployments in your project. A database user's access is determined by the roles assigned to the user. When you create a database user, the user is added to all database deployments in your Atlas project.
Database users are separate from Atlas users. Database users have access to MongoDB databases, while Atlas users have access to the Atlas application itself. Atlas supports creating temporary database users that automatically expire within a user-configurable 7-day period.
Atlas audits the creation, deletion, and updates of database users in the project's Activity Feed. Atlas audits actions pertaining to both temporary and non-temporary database users. To view the project's Activity Feed, click Activity Feed in the Project section of the left navigation. For more information on the project Activity Feed, see View All Activity.
The available Atlas
database user privileges support
a subset of MongoDB commands. See Unsupported Commands in M10+ Clusters
for more information.
Atlas supports a maximum of 100 database users per Atlas project. If you require more than 100 database users on a project, contact Atlas support.
Atlas rolls back any user modifications not made through the UI or API. You must use the Atlas UI or API to add, modify, or delete database users on Atlas database deployments.
Database User Authentication¶
Atlas offers the following forms of authentication for database users:
Add Database Users¶
A project can have users with different authentication methods.
You cannot change a user's authentication method after creating that user. To use an alternative authentication method, you must create a new user.
Select an authentication mechanism and follow the steps to create a new database user.
You can also add database users through the Atlas Administration API. See Create a Database User.
Modify Database Users¶
To modify existing users for an Atlas project:
- In the Security section in the left navigation, click Database Access. The Database Users tab displays.
Click Edit for the user you want to modify. You can modify the privileges and authentication details assigned to the user. You cannot modify the authentication method.
- For SCRAM authenticated users, you can edit a user's password.
- For X.509 certificate authenticated users, you can download a new certificate.
- For AWS IAM users, you can only modify database access privileges.
For temporary users, you can also modify the time period the user exists or make the user a permanent user, provided the user's expiration date has not already passed.
NoteYou cannot change a permanent user into a temporary user. If you change a temporary user into a permanent user, you cannot make it temporary again.
- Click Update User to save the changes.
You can also modify existing users through the Atlas Administration API. See Update a Database User.
Delete Database Users¶
To delete existing users for an Atlas project:
- In the Security section in the left navigation, click Database Access. The Database Users tab displays.
- Click Delete next to the user you want to delete.
- Click Delete again to confirm.
You can also delete existing users through the Atlas Administration API. See Delete a Database User.
Database User Privileges¶
The following table describes the Database User Privileges and the MongoDB Built-in Roles or privilege actions they represent.
The following databases are read-only for all users, including
those with the atlasAdmin or clusterMonitor
role.
adminlocalconfig
atlasAdmin has the update privilege on
the config.settings collection to manage the balancer.
To learn more about on common commands that Atlas doesn't support
with the current Atlas user privileges, see
Unsupported Commands in M10+ Clusters