# Users Management

For MongoDB clusters, you have to manage users via the IONOS API and creating users inside the database is not possible. This document shows you in detail how to create, view, and delete users.

### Roles

In MongoDB most roles are scoped to a database. For example you grant `readWrite` permissions on database `mydb`. The exception are roles that grant permissions to all databases, for example [<mark style="color:blue;">readAnyDatabase</mark>](https://www.mongodb.com/docs/manual/reference/built-in-roles/#mongodb-authrole-readAnyDatabase).

Assignable roles have several restrictions to avoid customers breaking out of their database or breaking internal stuff:

* Currently, you can only assign [<mark style="color:blue;">built-in roles</mark>](https://www.mongodb.com/docs/manual/reference/built-in-roles/). Out of those currently only `read`, `readWrite`, `readAnyDatabase`, `readWriteAnyDatabase`, `dbAdmin`, `dbAdminAnyDatabase` and `clusterMonitor` are supported.
* Roles with the suffix `*AnyDatabase` are granted only on the `admin` database, which is the main user management database.
* Roles `read`, `readWrite` and `dbAdmin` cannot be granted on `config` and `local` databases.

### Adding a user

When creating a user you need to consider the following:

* All users are created in the `admin` database.
* The combination of username and database must be unique within the MongoDB cluster.
* You can only change the assigned roles and the password of a user.
* You can't have more than 100 users in a cluster.

To add users to a MongoDB cluster, use the POST request for each user.

```bash
curl --include \
    --request POST \
    --user "clientname@ionos.com:Mb2.r5oHf-0t" \
    --header "Content-Type: application/json" \
    --data-binary '{
      "metadata": {},
      "properties": {
        "username": "benjamin",
        "password": "password",
        "roles": [
          {
            "role": "readWrite",
            "database": "mydb"
          }
        ]
      }
    }' \
    https://api.ionos.com/databases/mongodb/clusters/498ae72f-411f-11eb-9d07-046c59cc737e/users
```

```json
{
  "type": "user",
  "metadata": {
    "createdDate": "2020-12-10T12:37:50.000Z",
    "createdBy": "clientname@ionos.com",
    "createdByUserId": "012342f-411f-1eeb-9d07-046c59cc737e"
  },
  "properties": {
    "username": "benjamin",
    "roles": [
      {
        "role": "readWrite",
        "database": "mydb"
      }
    ]
  }
}
```

### Deleting user

To delete a user from MongoDB cluster, use the DELETE request as follows:

```bash
curl --include \
    --request DELETE \
    --user "clientname@ionos.com:Mb2.r5oHf-0t" \
    --header "Content-Type: application/json" \
    https://api.ionos.com/databases/mongodb/clusters/498ae72f-411f-11eb-9d07-046c59cc737e/users/benjamin
```

### Getting all users

To get a list of all users defined in MongoDB cluster, use the GET request as follows:

```bash
curl --include \
    --request GET \
    --user "clientname@ionos.com:Mb2.r5oHf-0t" \
    --header "Content-Type: application/json" \
    https://api.ionos.com/databases/mongodb/clusters/498ae72f-411f-11eb-9d07-046c59cc737e/users
```

```json
{
  "id": "498ae72f-411f-11eb-9d07-046c59cc737e",
  "type": "collection",
  "items": [
    {
      "type": "user",
      "metadata": {
        "createdDate": "2020-12-10T12:37:50.000Z",
        "createdBy": "clientname@ionos.com",
        "createdByUserId": "012342f-411f-1eeb-9d07-046c59cc737e"
      },
      "properties": {
        "username": "benjamin",
        "roles": [
          {
            "role": "readWrite",
            "database": "mydb"
          }
        ]
      }
    }
  ]
}

```

### Getting a single user

To get a specific user in a MongoDB cluster, use the GET request as follows:

```bash
curl --include \
    --request GET \
    --user "clientname@ionos.com:Mb2.r5oHf-0t" \
    --header "Content-Type: application/json" \
    https://api.ionos.com/databases/mongodb/clusters/498ae72f-411f-11eb-9d07-046c59cc737e/users/benjamin
```

```json
{
  "type": "user",
  "metadata": {
    "createdDate": "2020-12-10T12:37:50.000Z",
    "createdBy": "clientname@ionos.com",
    "createdByUserId": "012342f-411f-1eeb-9d07-046c59cc737e"
  },
  "properties": {
    "username": "benjamin",
    "roles": [
      {
        "role": "readWrite",
        "database": "mydb"
      }
    ]
  }
}
```

### Modifying a single user

#### Changing the password

To update the password of a specific user in a MongoDB cluster, use the PATCH request as follows:

```bash
curl --include \
    --request PATCH \
    --user "clientname@ionos.com:Mb2.r5oHf-0t" \
    --header "Content-Type: application/json" \
    --data-binary '{
      "properties": {
        "password": "new super secure password",
      }
    }' \
    https://api.ionos.com/databases/mongodb/clusters/498ae72f-411f-11eb-9d07-046c59cc737e/users/benjamin
```

```json
{
  "type": "user",
  "metadata": {
    "createdDate": "2020-12-10T12:37:50.000Z",
    "createdBy": "clientname@ionos.com",
    "createdByUserId": "012342f-411f-1eeb-9d07-046c59cc737e"
  },
  "properties": {
    "username": "benjamin",
    "roles": [
      {
        "role": "readWrite",
        "database": "mydb"
      }
    ]
  }
}
```

#### Changing the roles

To update the assigned roles of a specific user in a MongoDB cluster, use the PATCH request with the new list of assigned roles. Note that the request replaces the old role list, meaning that any existing roles missing from the patch will be deleted.

```bash
curl --include \
    --request PATCH \
    --user "clientname@ionos.com:Mb2.r5oHf-0t" \
    --header "Content-Type: application/json" \
    --data-binary '{
      "properties": {
        "roles": [
          {"database": "mydb", "role": "read"}
        ]
      }
    }' \
    https://api.ionos.com/databases/mongodb/clusters/498ae72f-411f-11eb-9d07-046c59cc737e/users/benjamin
```

```json
{
  "type": "user",
  "metadata": {
    "createdDate": "2020-12-10T12:37:50.000Z",
    "createdBy": "clientname@ionos.com",
    "createdByUserId": "012342f-411f-1eeb-9d07-046c59cc737e"
  },
  "properties": {
    "username": "benjamin",
    "roles": [
      {
        "role": "read",
        "database": "mydb"
      }
    ]
  }
}
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.ionos.com/cloud/~/revisions/AMiYziCllTKB2y2lmONY/databases/mongodb/api-howtos/users-management.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.