Grants MongoDB employee cluster access for the given duration and at the specified level for one cluster. To use this resource, the requesting Service Account or API Key must have the Project Owner role or Project Support Access Manager role.
Path parameters
-
Unique 24-hexadecimal digit string that identifies your project. Use the /groups endpoint to retrieve all projects to which the authenticated user has access.
NOTE: Groups and projects are synonymous terms. Your group id is the same as your project id. For existing groups, your group/project id remains the same. The resource and corresponding endpoints use the term groups.
Format should match the following pattern:
^([a-f0-9]{24})$. -
Human-readable label that identifies this cluster.
Format should match the following pattern:
^[a-zA-Z0-9][a-zA-Z0-9-]*$.
Query parameters
-
Flag that indicates whether Application wraps the response in an
envelopeJSON object. Some API clients cannot access the HTTP response headers or status code. To remediate this, set envelope=true in the query. Endpoints that return a list of results use the results object as an envelope. Application adds the status parameter to the response body.Default value is
false. -
Flag that indicates whether the response body should be in the prettyprint format.
Default value is
false.Prettyprint
Body
Required
Grant access level and expiration.
-
Expiration date for the employee access grant. This parameter expresses its value in the ISO 8601 timestamp format in UTC.
-
Level of access to grant to MongoDB Employees.
Values are
CLUSTER_DATABASE_LOGS,CLUSTER_INFRASTRUCTURE, orCLUSTER_INFRASTRUCTURE_AND_APP_SERVICES_SYNC_DATA.
atlas api clusters grantMongoEmployeeAccess --helpimport (
"os"
"context"
"log"
sdk "go.mongodb.org/atlas-sdk/v20250312001/admin"
)
func main() {
ctx := context.Background()
clientID := os.Getenv("MONGODB_ATLAS_CLIENT_ID")
clientSecret := os.Getenv("MONGODB_ATLAS_CLIENT_SECRET")
// See https://dochub.mongodb.org/core/atlas-go-sdk-oauth
client, err := sdk.NewClient(sdk.UseOAuthAuth(clientID, clientSecret))
if err != nil {
log.Fatalf("Error: %v", err)
}
params = &sdk.GrantGroupClusterMongoDbEmployeeAccessApiParams{}
sdkResp, httpResp, err := client.ClustersApi.
GrantGroupClusterMongoDbEmployeeAccessWithParams(ctx, params).
Execute()
}
curl --include --header "Authorization: Bearer ${ACCESS_TOKEN}" \
--header "Accept: application/vnd.atlas.2025-03-12+json" \
--header "Content-Type: application/json" \
-X POST "https://cloud.mongodb.com/api/atlas/v2/groups/{groupId}/clusters/{clusterName}:grantMongoDBEmployeeAccess" \
-d '{ <Payload> }'curl --user "${PUBLIC_KEY}:${PRIVATE_KEY}" \
--digest --include \
--header "Accept: application/vnd.atlas.2025-03-12+json" \
--header "Content-Type: application/json" \
-X POST "https://cloud.mongodb.com/api/atlas/v2/groups/{groupId}/clusters/{clusterName}:grantMongoDBEmployeeAccess" \
-d '{ <Payload> }'{
"expirationTime": "2026-05-04T09:42:00Z",
"grantType": "CLUSTER_DATABASE_LOGS"
}{
"error": 400,
"detail": "(This is just an example, the exception may not be related to this endpoint) No provider AWS exists.",
"reason": "Bad Request",
"errorCode": "VALIDATION_ERROR"
}{
"error": 401,
"detail": "(This is just an example, the exception may not be related to this endpoint)",
"reason": "Unauthorized",
"errorCode": "NOT_ORG_GROUP_CREATOR"
}{
"error": 403,
"detail": "(This is just an example, the exception may not be related to this endpoint)",
"reason": "Forbidden",
"errorCode": "CANNOT_CHANGE_GROUP_NAME"
}{
"error": 404,
"detail": "(This is just an example, the exception may not be related to this endpoint) Cannot find resource AWS",
"reason": "Not Found",
"errorCode": "RESOURCE_NOT_FOUND"
}{
"error": 409,
"detail": "(This is just an example, the exception may not be related to this endpoint) Cannot delete organization link while there is active migration in following project ids: 60c4fd418ebe251047c50554",
"reason": "Conflict",
"errorCode": "CANNOT_DELETE_ORG_ACTIVE_LIVE_MIGRATION_ATLAS_ORG_LINK"
}{
"error": 500,
"detail": "(This is just an example, the exception may not be related to this endpoint)",
"reason": "Internal Server Error",
"errorCode": "UNEXPECTED_ERROR"
}