Users Management

For MongoDB clusters, you have to manage users via the IONOS API and creating users inside the database is not possible. This document shows you in detail how to create, view, and delete users.

Roles

In MongoDB most roles are scoped to a database. For example you grant readWrite permissions on database mydb. The exception are roles that grant permissions to all databases, for example readAnyDatabase.

Assignable roles have several restrictions to avoid customers breaking out of their database or breaking internal stuff:

  • Currently, you can only assign built-in roles. Out of those currently only read, readWrite, readAnyDatabase, readWriteAnyDatabase, dbAdmin, dbAdminAnyDatabase and clusterMonitor are supported.

  • Roles with the suffix *AnyDatabase are granted only on the admin database, which is the main user management database.

  • Roles read, readWrite and dbAdmin cannot be granted on config and local databases.

Adding a user

When creating a user you need to consider the following:

  • All users are created in the admin database.

  • The combination of username and database must be unique within the MongoDB cluster.

  • You can only change the assigned roles and the password of a user.

  • You can't have more than 100 users in a cluster.

To add users to a MongoDB cluster, use the POST request for each user.

curl --include \
    --request POST \
    --user "clientname@ionos.com:Mb2.r5oHf-0t" \
    --header "Content-Type: application/json" \
    --data-binary '{
      "metadata": {},
      "properties": {
        "username": "benjamin",
        "password": "password",
        "roles": [
          {
            "role": "readWrite",
            "database": "mydb"
          }
        ]
      }
    }' \
    https://api.ionos.com/databases/mongodb/clusters/498ae72f-411f-11eb-9d07-046c59cc737e/users
{
  "type": "user",
  "metadata": {
    "createdDate": "2020-12-10T12:37:50.000Z",
    "createdBy": "clientname@ionos.com",
    "createdByUserId": "012342f-411f-1eeb-9d07-046c59cc737e"
  },
  "properties": {
    "username": "benjamin",
    "roles": [
      {
        "role": "readWrite",
        "database": "mydb"
      }
    ]
  }
}

Deleting user

To delete a user from MongoDB cluster, use the DELETE request as follows:

curl --include \
    --request DELETE \
    --user "clientname@ionos.com:Mb2.r5oHf-0t" \
    --header "Content-Type: application/json" \
    https://api.ionos.com/databases/mongodb/clusters/498ae72f-411f-11eb-9d07-046c59cc737e/users/benjamin

Getting all users

To get a list of all users defined in MongoDB cluster, use the GET request as follows:

curl --include \
    --request GET \
    --user "clientname@ionos.com:Mb2.r5oHf-0t" \
    --header "Content-Type: application/json" \
    https://api.ionos.com/databases/mongodb/clusters/498ae72f-411f-11eb-9d07-046c59cc737e/users
{
  "id": "498ae72f-411f-11eb-9d07-046c59cc737e",
  "type": "collection",
  "items": [
    {
      "type": "user",
      "metadata": {
        "createdDate": "2020-12-10T12:37:50.000Z",
        "createdBy": "clientname@ionos.com",
        "createdByUserId": "012342f-411f-1eeb-9d07-046c59cc737e"
      },
      "properties": {
        "username": "benjamin",
        "roles": [
          {
            "role": "readWrite",
            "database": "mydb"
          }
        ]
      }
    }
  ]
}

Getting a single user

To get a specific user in a MongoDB cluster, use the GET request as follows:

curl --include \
    --request GET \
    --user "clientname@ionos.com:Mb2.r5oHf-0t" \
    --header "Content-Type: application/json" \
    https://api.ionos.com/databases/mongodb/clusters/498ae72f-411f-11eb-9d07-046c59cc737e/users/benjamin
{
  "type": "user",
  "metadata": {
    "createdDate": "2020-12-10T12:37:50.000Z",
    "createdBy": "clientname@ionos.com",
    "createdByUserId": "012342f-411f-1eeb-9d07-046c59cc737e"
  },
  "properties": {
    "username": "benjamin",
    "roles": [
      {
        "role": "readWrite",
        "database": "mydb"
      }
    ]
  }
}

Modifying a single user

Changing the password

To update the password of a specific user in a MongoDB cluster, use the PATCH request as follows:

curl --include \
    --request PATCH \
    --user "clientname@ionos.com:Mb2.r5oHf-0t" \
    --header "Content-Type: application/json" \
    --data-binary '{
      "properties": {
        "password": "new super secure password",
      }
    }' \
    https://api.ionos.com/databases/mongodb/clusters/498ae72f-411f-11eb-9d07-046c59cc737e/users/benjamin
{
  "type": "user",
  "metadata": {
    "createdDate": "2020-12-10T12:37:50.000Z",
    "createdBy": "clientname@ionos.com",
    "createdByUserId": "012342f-411f-1eeb-9d07-046c59cc737e"
  },
  "properties": {
    "username": "benjamin",
    "roles": [
      {
        "role": "readWrite",
        "database": "mydb"
      }
    ]
  }
}

Changing the roles

To update the assigned roles of a specific user in a MongoDB cluster, use the PATCH request with the new list of assigned roles. Note that the request replaces the old role list, meaning that any existing roles missing from the patch will be deleted.

curl --include \
    --request PATCH \
    --user "clientname@ionos.com:Mb2.r5oHf-0t" \
    --header "Content-Type: application/json" \
    --data-binary '{
      "properties": {
        "roles": [
          {"database": "mydb", "role": "read"}
        ]
      }
    }' \
    https://api.ionos.com/databases/mongodb/clusters/498ae72f-411f-11eb-9d07-046c59cc737e/users/benjamin
{
  "type": "user",
  "metadata": {
    "createdDate": "2020-12-10T12:37:50.000Z",
    "createdBy": "clientname@ionos.com",
    "createdByUserId": "012342f-411f-1eeb-9d07-046c59cc737e"
  },
  "properties": {
    "username": "benjamin",
    "roles": [
      {
        "role": "read",
        "database": "mydb"
      }
    ]
  }
}

Last updated

Revision created

commented latest release