Links

Users Management

For MongoDB clusters you have to manage users via the IONOS API and can't create users inside the database. This How-To shows you in detail how to create, view, and delete users.

Roles

In MongoDB most roles are scoped to a database. For example you grant readWrite permissions on database mydb. The exception are roles that grant permissions to all databases, for example readAnyDatabase.
Assignable roles have several restrictions to avoid customers breaking out of their database or breaking internal stuff:
  • Currently, you can only assign predefined roles. Out of those currently only read, readWrite, readAnyDatabase, readWriteAnyDatabase, dbAdmin, dbAdminAnyDatabase and clusterMonitor are supported.
  • Roles with the suffix ...AnyDatabase can only be granted on the admin database.
  • Roles read, readWrite and dbAdmin cannot be granted on config and local databases.

Adding a user

When creating a user you need to consider the following:
  • All users are created in the admin database.
  • The combination of username and database must be unique within the MongoDB cluster.
  • You can only change the assigned roles and the password of a user.
  • You can't have more than 100 users in a cluster.
To add users to a MongoDB cluster, simply issue a POST request for each user.
curl --include \
--request POST \
--user "[email protected]:Mb2.r5oHf-0t" \
--header "Content-Type: application/json" \
--data-binary '{
"metadata": {},
"properties": {
"user": {
"username": "username",
"password": "password",
"database": "database to use during authentication",
"roles": [
{
"role": "readWrite",
}
]
}
}
}' \
https://api.ionos.com/databases/mongodb/clusters/498ae72f-411f-11eb-9d07-046c59cc737e/users

Deleting user

To delete a user from MongoDB cluster, simply issue a DELETE request as follows:
curl --include \
--request DELETE \
--user "[email protected]:Mb2.r5oHf-0t" \
--header "Content-Type: application/json" \
https://api.ionos.com/databases/mongodb/clusters/498ae72f-411f-11eb-9d07-046c59cc737e/users/admin/username
{
"type": "user",
"metadata": {
"createdDate": "2020-12-10T12:37:50.000Z",
"createdBy": "[email protected]",
"createdByUserId": "012342f-411f-1eeb-9d07-046c59cc737e",
"state": "DESTROYING"
},
"properties": {
"username": "username",
"database": "admin",
"roles": [
{
"role": "readWrite"
}
]
}
}

Getting all users

To get a list of all users defined in MongoDB cluster, simply issue a GET request as follows:
curl --include \
--request GET \
--user "[email protected]:Mb2.r5oHf-0t" \
--header "Content-Type: application/json" \
https://api.ionos.com/databases/mongodb/clusters/498ae72f-411f-11eb-9d07-046c59cc737e/users
{
"id": "498ae72f-411f-11eb-9d07-046c59cc737e",
"type": "collection",
"items": [
{
"type": "user",
"metadata": {
"createdDate": "2020-12-10T12:37:50.000Z",
"createdBy": "[email protected]",
"createdByUserId": "012342f-411f-1eeb-9d07-046c59cc737e",
"state": "AVAILABLE"
},
"properties": {
"username": "username",
"database": "database to use during authentication",
"roles": [
{
"role": "readWrite"
}
]
}
}
]
}

Getting a single user

To get a specific user in a MongoDB cluster, simply issue a GET request as follows:
curl --include \
--request GET \
--user "[email protected]:Mb2.r5oHf-0t" \
--header "Content-Type: application/json" \
https://api.ionos.com/databases/mongodb/clusters/498ae72f-411f-11eb-9d07-046c59cc737e/users/admin/username
{
"type": "user",
"metadata": {
"createdDate": "2020-12-10T12:37:50.000Z",
"createdBy": "[email protected]",
"createdByUserId": "012342f-411f-1eeb-9d07-046c59cc737e",
"state": "AVAILABLE"
},
"properties": {
"username": "username",
"database": "admin",
"roles": [
{
"role": "readWrite"
}
]
}
}

Modifying a single user

Changing the password

To update the password of a specific user in a MongoDB cluster, simply issue a PATCH request as follows:
curl --include \
--request PATCH \
--user "[email protected]:Mb2.r5oHf-0t" \
--header "Content-Type: application/json" \
--data-binary '{
"properties": {
"password": "new super secure password",
}
}' \
https://api.ionos.com/databases/mongodb/clusters/498ae72f-411f-11eb-9d07-046c59cc737e/users/admin/username

Changing the roles

To update the assigned roles of a specific user in a MongoDB cluster, simply issue a PATCH request with the new list of assigned roles. Note that the request replaces the old role list, meaning that any existing roles missing from the patch will be deleted.
curl --include \
--request PATCH \
--user "[email protected]:Mb2.r5oHf-0t" \
--header "Content-Type: application/json" \
--data-binary '{
"properties": {
"roles": [
{"database": "mydb", "role": "read"}
]
}
}' \
https://api.ionos.com/databases/mongodb/clusters/498ae72f-411f-11eb-9d07-046c59cc737e/users/admin/username