The Network Access and Database Access which talks about DB users and source IP restrictions to connect to the cluster, are not followed for Data explorer or Browse Collections in the Atlas UI - Users with Project Data Access ReadOnly are able to view the data in the Atlas UI.
Atlas UI connects to the cluster using some connection string too I believe, if yes, then why it is not following/adhering to the project’s DB/Network Access restrictions.
Hi @Alex_Chow , thank you for reaching out! The Atlas Data Explorer (accessible via the Browse Collections button) adheres to any IP access list restrictions configured for the Atlas UI, and it uses a secure mechanism managed by MongoDB to connect to clusters that is separate from network access restrictions enforced for other connections established to Atlas clusters. This approach gives users the convenience of accessing data quickly and securely from the browser without worrying about managing IP access lists, trusting their connections managed directly by MongoDB.
Please let us know if you have more feedback on the topic and would like to speak with someone from our team. We’d love to connect.
1 Like
Hello @Betsy_Button , thank you for your time and response for this query.
Follow-up queries:
- IP access list restrictions configured for Atlas UI → Where is this present and how can I configure it? Or are you referring to the ‘IP Access list for Atlas Admin API’ which restricts for API key/Service account?
- Since an Atlas user with Data Access is able to read the data through UI - does it mean there is a DB user created in mongoDB for them?
Hi @Alex_Chow , no problem! Happy to answer any questions.
- You can configure and enable IP access lists for the Atlas UI in Organization Settings. Feel free to read more specifics in our documentation: Manage Organization Access - Atlas - MongoDB Docs
- MongoDB requires a database user for any cluster connection. Data Explorer securely manages access behind the scenes for users, and it still follows this same paradigm. If you’d like to learn more about the database user connecting to clusters in your Atlas project, Data Explorer user activity can be analyzed the same way as activity performed by any other database user via server logs or database audit logs.