So frustrated at the moment! I cannot assign a Privilege or Role to my user that limits access to my specific database and collection. The only way for me to see my dev-datasource is to assign readWriteAnyDatabase@admin to my User Name. The problem with this is I can see all datasources (uat-datasource & prod-datasource).
Click on it and you have access to more built-in roles that restrict access to a namespace (myDatabase.myCollection). Based on your problem you probably need the “readWrite” built-in role.
To be complete: if, for specific tasks, the built-in roles offered are not sufficient, you can always create custom roles by following this documentation page.
Check out the following screenshot. No matter how I monkey with the roles or individual privileges I cannot just see the dev-datasource as the ONLY datasource.
Ok, the problem seems to concern the NoSQLBooster tool more than Atlas.
First of all, for me and the community we will clarify certain points.
You have your dev and prod DBs on the same Atlas cluster. True?
You want to connect with a user via NoSQLBooster and see only the database and the collection to which he has access (a dev DB). Correct?
If yes, I don’t use this tool, so I don’t know how to do it. Maybe someone in the community can help you. On MongoDB Compass this is done automatically; the user sees only what he has access to.
Currently, your user can no longer see anything when connected, but before, with the readWriteAnyDatabase built-in role, he could see all DBs?
I think this is because of your custom role. It also depends on the actions that NoSQLBooster needs to display the info.
In my opinion, you can go back to the readWrite built-in role as I mentioned earlier. It has actions like collStats or listIndexes which can be useful for external tools.
Can you confirm if your issue is with administering users via the Atlas UI or using a third-party tool (NoSQL Booster is mentioned in your follow-up post)?
Atlas is a managed service, so some administrative commands are limited (particularly if your cluster is provisioned on a shared tier like M0/M2/M5) and a few (like user and role management) must be performed via Atlas. Please refer to Unsupported Commands in Atlas for specific details.
Atlas rolls back any user modifications not made through the UI or API. You must use the Atlas UI or API to add, modify, or delete database users on Atlas clusters.
UPDATE
Well, thx for the MongoDB Compass mention. I had no idea that it was available. I installed Compass and it all looks good now.
Pre-Atlas, I used Robo 3T and I could not connect to Atlas with it. I then came across NoSQLBooster and was able to connect, but still didn’t see the correct results.
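An added example, not part of the thread and not MongoDB's own tooling: a small audit that flags database users whose roles reach beyond the dev database, which is the situation described above with readWriteAnyDatabase@admin. The dictionary shapes are modelled on Atlas database-user and custom-role documents and should be checked against your own API output; the user names, the `devOnly` role and the use of the datasource names as database names are constructed assumptions.

```python
# Built-in role names that apply to every database on the cluster.
ANY_DB_ROLES = {"atlasAdmin", "readWriteAnyDatabase",
                "readAnyDatabase", "dbAdminAnyDatabase"}

def audit_user(user, allowed_dbs, custom_roles=None):
    """Return findings for grants that reach outside allowed_dbs."""
    custom_roles = custom_roles or {}
    findings = []
    for grant in user.get("roles", []):
        name, db = grant["roleName"], grant.get("databaseName", "")
        if name in ANY_DB_ROLES:
            findings.append(f"{name}@{db}: applies to every database")
        elif name in custom_roles:
            # A custom role's scope lives in the role's resources,
            # not in the database it is assigned on.
            for action in custom_roles[name].get("actions", []):
                for res in action.get("resources", []):
                    if res.get("cluster"):
                        findings.append(f"{name}: {action['action']} on cluster resource")
                    elif res.get("db", "") == "":
                        findings.append(f"{name}: {action['action']} on every database")
                    elif res["db"] not in allowed_dbs:
                        findings.append(f"{name}: {action['action']} on {res['db']}")
        elif db not in allowed_dbs:
            findings.append(f"{name}@{db}: outside the allowed databases")
    return findings

# Constructed sample data (hypothetical users and custom role).
CUSTOM_ROLES = {"devOnly": {"actions": [
    {"action": "FIND", "resources": [{"db": "dev-datasource", "collection": ""}]},
    {"action": "INSERT", "resources": [{"db": "prod-datasource", "collection": "orders"}]},
]}}
USERS = [
    {"username": "dev_wide", "roles": [{"roleName": "readWriteAnyDatabase", "databaseName": "admin"}]},
    {"username": "dev_scoped", "roles": [{"roleName": "readWrite", "databaseName": "dev-datasource"}]},
    {"username": "dev_custom", "roles": [{"roleName": "devOnly", "databaseName": "admin"}]},
]

if __name__ == "__main__":
    for u in USERS:
        for f in audit_user(u, {"dev-datasource"}, CUSTOM_ROLES) or ["ok"]:
            print(u["username"], "->", f)
```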