Users Management
For MongoDB clusters, you have to manage users via the IONOS API and creating users inside the database is not possible. This document shows you in detail how to create, view, and delete users.
Roles
In MongoDB most roles are scoped to a database. For example you grant readWrite
permissions on database mydb
. The exception are roles that grant permissions to all databases, for example readAnyDatabase.
Assignable roles have several restrictions to avoid customers breaking out of their database or breaking internal stuff:
Currently, you can only assign built-in roles. Out of those currently only
read
,readWrite
,readAnyDatabase
,readWriteAnyDatabase
,dbAdmin
,dbAdminAnyDatabase
andclusterMonitor
are supported.Roles with the suffix
*AnyDatabase
are granted only on theadmin
database, which is the main user management database.Roles
read
,readWrite
anddbAdmin
cannot be granted onconfig
andlocal
databases.
Adding a user
When creating a user you need to consider the following:
All users are created in the
admin
database.The combination of username and database must be unique within the MongoDB cluster.
You can only change the assigned roles and the password of a user.
You can't have more than 100 users in a cluster.
To add users to a MongoDB cluster, use the POST request for each user.
curl --include \
--request POST \
--user "[email protected]:Mb2.r5oHf-0t" \
--header "Content-Type: application/json" \
--data-binary '{
"metadata": {},
"properties": {
"username": "benjamin",
"password": "password",
"roles": [
{
"role": "readWrite",
"database": "mydb"
}
]
}
}' \
https://api.ionos.com/databases/mongodb/clusters/498ae72f-411f-11eb-9d07-046c59cc737e/users
{
"type": "user",
"metadata": {
"createdDate": "2020-12-10T12:37:50.000Z",
"createdBy": "[email protected]",
"createdByUserId": "012342f-411f-1eeb-9d07-046c59cc737e"
},
"properties": {
"username": "benjamin",
"roles": [
{
"role": "readWrite",
"database": "mydb"
}
]
}
}
Deleting user
To delete a user from MongoDB cluster, use the DELETE request as follows:
curl --include \
--request DELETE \
--user "[email protected]:Mb2.r5oHf-0t" \
--header "Content-Type: application/json" \
https://api.ionos.com/databases/mongodb/clusters/498ae72f-411f-11eb-9d07-046c59cc737e/users/benjamin
Getting all users
To get a list of all users defined in MongoDB cluster, use the GET request as follows:
curl --include \
--request GET \
--user "[email protected]:Mb2.r5oHf-0t" \
--header "Content-Type: application/json" \
https://api.ionos.com/databases/mongodb/clusters/498ae72f-411f-11eb-9d07-046c59cc737e/users
{
"id": "498ae72f-411f-11eb-9d07-046c59cc737e",
"type": "collection",
"items": [
{
"type": "user",
"metadata": {
"createdDate": "2020-12-10T12:37:50.000Z",
"createdBy": "[email protected]",
"createdByUserId": "012342f-411f-1eeb-9d07-046c59cc737e"
},
"properties": {
"username": "benjamin",
"roles": [
{
"role": "readWrite",
"database": "mydb"
}
]
}
}
]
}
Getting a single user
To get a specific user in a MongoDB cluster, use the GET request as follows:
curl --include \
--request GET \
--user "[email protected]:Mb2.r5oHf-0t" \
--header "Content-Type: application/json" \
https://api.ionos.com/databases/mongodb/clusters/498ae72f-411f-11eb-9d07-046c59cc737e/users/benjamin
{
"type": "user",
"metadata": {
"createdDate": "2020-12-10T12:37:50.000Z",
"createdBy": "[email protected]",
"createdByUserId": "012342f-411f-1eeb-9d07-046c59cc737e"
},
"properties": {
"username": "benjamin",
"roles": [
{
"role": "readWrite",
"database": "mydb"
}
]
}
}
Modifying a single user
Changing the password
To update the password of a specific user in a MongoDB cluster, use the PATCH request as follows:
curl --include \
--request PATCH \
--user "[email protected]:Mb2.r5oHf-0t" \
--header "Content-Type: application/json" \
--data-binary '{
"properties": {
"password": "new super secure password",
}
}' \
https://api.ionos.com/databases/mongodb/clusters/498ae72f-411f-11eb-9d07-046c59cc737e/users/benjamin
{
"type": "user",
"metadata": {
"createdDate": "2020-12-10T12:37:50.000Z",
"createdBy": "[email protected]",
"createdByUserId": "012342f-411f-1eeb-9d07-046c59cc737e"
},
"properties": {
"username": "benjamin",
"roles": [
{
"role": "readWrite",
"database": "mydb"
}
]
}
}
Changing the roles
To update the assigned roles of a specific user in a MongoDB cluster, use the PATCH request with the new list of assigned roles. Note that the request replaces the old role list, meaning that any existing roles missing from the patch will be deleted.
curl --include \
--request PATCH \
--user "[email protected]:Mb2.r5oHf-0t" \
--header "Content-Type: application/json" \
--data-binary '{
"properties": {
"roles": [
{"database": "mydb", "role": "read"}
]
}
}' \
https://api.ionos.com/databases/mongodb/clusters/498ae72f-411f-11eb-9d07-046c59cc737e/users/benjamin
{
"type": "user",
"metadata": {
"createdDate": "2020-12-10T12:37:50.000Z",
"createdBy": "[email protected]",
"createdByUserId": "012342f-411f-1eeb-9d07-046c59cc737e"
},
"properties": {
"username": "benjamin",
"roles": [
{
"role": "read",
"database": "mydb"
}
]
}
}
Last updated
Was this helpful?