Hi, Is there a way we can add group of users under one name to the database user list in Atlas. We know this is possible to deal with the project access with teams but could this be possible for database users.any help on this is appreciated… thanks.
1 Like
I don’t think this is possible. What you can do instead is give people access to the project and give them enough permissions so they can create their database user themselves. This gives them a chance to choose their username & password.
Also this gives them access to the metrics, connection strings & all the other things they will need at some point.
Cheers,
Maxime.
Thanks… but the customer which I work for is very specific about this and don’t want the application teams to be not the user admins. This created the problem for us.
Would create the database users via the Atlas CLI help maybe?
https://docs.mongodb.com/mongocli/stable/reference/atlas/dbuser-create/
There is a lot of granularity & flexibility in the Org and Project roles in Atlas.
I don’t think you need to be an admin. I would assume that a combo Organization Member + Project Data Access Read/Write is enough.
LDAP can also be used for this with LDAP group membership used for authorization. However many folks struggle to make their LDAP directory accessible over the network from the Atlas cluster nodes (which is a prereq) so this isn’t a slam dunk.
1 Like
We have the setup to run the ps scripts to create or modify database users with hashicorp vault authorization. The other thing you mentioned about user access gives the user management access, this is interesting.