# Users Management
For MongoDB clusters, you have to manage users via the IONOS API and creating users inside the database is not possible. This document shows you in detail how to create, view, and delete users.
### Roles
In MongoDB most roles are scoped to a database. For example you grant `readWrite` permissions on database `mydb`. The exception are roles that grant permissions to all databases, for example [readAnyDatabase](https://www.mongodb.com/docs/manual/reference/built-in-roles/#mongodb-authrole-readAnyDatabase).
Assignable roles have several restrictions to avoid customers breaking out of their database or breaking internal stuff:
* Currently, you can only assign [built-in roles](https://www.mongodb.com/docs/manual/reference/built-in-roles/). Out of those currently only `read`, `readWrite`, `readAnyDatabase`, `readWriteAnyDatabase`, `dbAdmin`, `dbAdminAnyDatabase` and `clusterMonitor` are supported.
* Roles with the suffix `*AnyDatabase` are granted only on the `admin` database, which is the main user management database.
* Roles `read`, `readWrite` and `dbAdmin` cannot be granted on `config` and `local` databases.
### Adding a user
When creating a user you need to consider the following:
* All users are created in the `admin` database.
* The combination of username and database must be unique within the MongoDB cluster.
* You can only change the assigned roles and the password of a user.
* You can't have more than 100 users in a cluster.
To add users to a MongoDB cluster, use the POST request for each user.
```bash
curl --include \
--request POST \
--user "clientname@ionos.com:Mb2.r5oHf-0t" \
--header "Content-Type: application/json" \
--data-binary '{
"metadata": {},
"properties": {
"username": "benjamin",
"password": "password",
"roles": [
{
"role": "readWrite",
"database": "mydb"
}
]
}
}' \
https://api.ionos.com/databases/mongodb/clusters/498ae72f-411f-11eb-9d07-046c59cc737e/users
```
```json
{
"type": "user",
"metadata": {
"createdDate": "2020-12-10T12:37:50.000Z",
"createdBy": "clientname@ionos.com",
"createdByUserId": "012342f-411f-1eeb-9d07-046c59cc737e"
},
"properties": {
"username": "benjamin",
"roles": [
{
"role": "readWrite",
"database": "mydb"
}
]
}
}
```
### Deleting user
To delete a user from MongoDB cluster, use the DELETE request as follows:
```bash
curl --include \
--request DELETE \
--user "clientname@ionos.com:Mb2.r5oHf-0t" \
--header "Content-Type: application/json" \
https://api.ionos.com/databases/mongodb/clusters/498ae72f-411f-11eb-9d07-046c59cc737e/users/benjamin
```
### Getting all users
To get a list of all users defined in MongoDB cluster, use the GET request as follows:
```bash
curl --include \
--request GET \
--user "clientname@ionos.com:Mb2.r5oHf-0t" \
--header "Content-Type: application/json" \
https://api.ionos.com/databases/mongodb/clusters/498ae72f-411f-11eb-9d07-046c59cc737e/users
```
```json
{
"id": "498ae72f-411f-11eb-9d07-046c59cc737e",
"type": "collection",
"items": [
{
"type": "user",
"metadata": {
"createdDate": "2020-12-10T12:37:50.000Z",
"createdBy": "clientname@ionos.com",
"createdByUserId": "012342f-411f-1eeb-9d07-046c59cc737e"
},
"properties": {
"username": "benjamin",
"roles": [
{
"role": "readWrite",
"database": "mydb"
}
]
}
}
]
}
```
### Getting a single user
To get a specific user in a MongoDB cluster, use the GET request as follows:
```bash
curl --include \
--request GET \
--user "clientname@ionos.com:Mb2.r5oHf-0t" \
--header "Content-Type: application/json" \
https://api.ionos.com/databases/mongodb/clusters/498ae72f-411f-11eb-9d07-046c59cc737e/users/benjamin
```
```json
{
"type": "user",
"metadata": {
"createdDate": "2020-12-10T12:37:50.000Z",
"createdBy": "clientname@ionos.com",
"createdByUserId": "012342f-411f-1eeb-9d07-046c59cc737e"
},
"properties": {
"username": "benjamin",
"roles": [
{
"role": "readWrite",
"database": "mydb"
}
]
}
}
```
### Modifying a single user
#### Changing the password
To update the password of a specific user in a MongoDB cluster, use the PATCH request as follows:
```bash
curl --include \
--request PATCH \
--user "clientname@ionos.com:Mb2.r5oHf-0t" \
--header "Content-Type: application/json" \
--data-binary '{
"properties": {
"password": "new super secure password",
}
}' \
https://api.ionos.com/databases/mongodb/clusters/498ae72f-411f-11eb-9d07-046c59cc737e/users/benjamin
```
```json
{
"type": "user",
"metadata": {
"createdDate": "2020-12-10T12:37:50.000Z",
"createdBy": "clientname@ionos.com",
"createdByUserId": "012342f-411f-1eeb-9d07-046c59cc737e"
},
"properties": {
"username": "benjamin",
"roles": [
{
"role": "readWrite",
"database": "mydb"
}
]
}
}
```
#### Changing the roles
To update the assigned roles of a specific user in a MongoDB cluster, use the PATCH request with the new list of assigned roles. Note that the request replaces the old role list, meaning that any existing roles missing from the patch will be deleted.
```bash
curl --include \
--request PATCH \
--user "clientname@ionos.com:Mb2.r5oHf-0t" \
--header "Content-Type: application/json" \
--data-binary '{
"properties": {
"roles": [
{"database": "mydb", "role": "read"}
]
}
}' \
https://api.ionos.com/databases/mongodb/clusters/498ae72f-411f-11eb-9d07-046c59cc737e/users/benjamin
```
```json
{
"type": "user",
"metadata": {
"createdDate": "2020-12-10T12:37:50.000Z",
"createdBy": "clientname@ionos.com",
"createdByUserId": "012342f-411f-1eeb-9d07-046c59cc737e"
},
"properties": {
"username": "benjamin",
"roles": [
{
"role": "read",
"database": "mydb"
}
]
}
}
```