Hi,
I am new to Atlas Mongo . I am trying to connect to Mongo DB using compass with Atlas credentials(Associated email & password) & getting errors.
Hi,
I am new to Atlas Mongo . I am trying to connect to Mongo DB using compass with Atlas credentials(Associated email & password) & getting errors.
You should not use Atlas credentials here, it looks like that is what you are using. There are database specific credentials.
Follow the Cluster Access Quickstart guide to get connected:
https://www.mongodb.com/docs/atlas/security/quick-start/
Thank you Chris for responding.
I want to query list of users & there access for each DB in the cluster & When I try to query this info I am getting access denied.
How can I grant elevated access to the DB user to query user & role info
Could not read users from database:
Mongo Server error (MongoCommandException): Command failed with error 13 (Unauthorized): ‘not authorized on XXXX to execute command { usersInfo: 1, $db: “XXXX”, $clusterTime: { clusterTime: Timestamp(1704040482, 1), signature: { hash: BinData(0, 109715C3463962F8C135D27205DD81A6930CEE6C), keyId: 7296204105012215813 } }, lsid: { id: UUID(“63693c1f-0cd5-4b6a-9eca-6a674b5d5b3d”) } }’ on server XXXXX.XXXXX.mongodb.net:1025.
The full response is:
{
“ok” : 0.0,
“errmsg” : “not authorized on XXXX to execute command { usersInfo: 1, $db: "XXXX", $clusterTime: { clusterTime: Timestamp(1704040482, 1), signature: { hash: BinData(0, 109715C3463962F8C135D27205DD81A6930CEE6C), keyId: 7296204105012215813 } }, lsid: { id: UUID("63693c1f-0cd5-4b6a-9eca-6a674b5d5b3d") } }”,
“code” : 13.0,
“codeName” : “Unauthorized”,
“$clusterTime” : {
“clusterTime” : Timestamp(1704040482, 1),
“signature” : {
“hash” : BinData(0, “EJcVw0Y5YvjBNdJyBd2BppMM7mw=”),
“keyId” : NumberLong(7296204105012215813)
}
},
“operationTime” : Timestamp(1704040482, 1)
}
This is a limited command on shared tier clusters(M0,M2,M5).
usersInfo
Limits to the following document:{ "user": "<MYUSER>", "db": "admin" }
So only userInfo for the currently authenticated user is permitted.
Managing Database users can be done via the User Interface:
https://www.mongodb.com/docs/atlas/security-add-mongodb-users/#configure-database-users
Programmatic Access is available through the Atlas API either using the endpoints directly or via tools like Atlas CLI and Infrastructure as Code tools Terraform, AWS Cloud Formation and AWS CDK.
We are trying to produce list of users & there access for auditing purpose .Based on your suggestion there is no easy way to produce this report other than using CLI’s or terraform?
Not at all, just listing some of the ways to fetch and manage dbusers.
This doc page has Atllas CLI, Atlas Administration API and Atlas UI methods to list dbusers. https://www.mongodb.com/docs/atlas/security-add-mongodb-users/#view-database-users-and-certificates
A screenshot from the gui would be good for most auditing purposes, thought Atlas CLI is easy to use for this purpose too.
Thank you Chris.I used Atlas CLI to get the info needed.