Atlas

Share your idea. In order to help prioritize, please include the following information

  1. A brief description of what you are looking to do
  2. How you think this will help
  3. Why this matters to you

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Granular Permissions

    Right now Mongo Atlas allows you to assign two types of roles to all the users: Organization and Project, and for each set it gives you some predefined roles.

    The problem with this is you can't have any kind of granular control of what permission is assigned to each user. (e.g. to allow a user to create a trigger through Mongo Stitch it needs the Project Owner role).

    This is a major setback as I'm giving my coworkers more access than needed.

    A good solution would be to have something like the database access control in this part so we…

    124 votes
    Sign in Sign in with: your MongoDB Account
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  18 comments  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
  2. Project teams

    Hello,

    I think it would be a good idea to have team management at project level.
    We have many projects and members in our Atlas account.
    I'm a organization owner. The people in my organization use the Altas service. I create
    a project for them and give my colleagues the project owner authorizations.

    Project owners can invite other members. This is good. But it's a little inconsistent that
    they are not able to create groups or teams within their projects They have to manage the permissions for each member separately.

    We can't use organization teams, because they are located at…

    22 votes
    Sign in Sign in with: your MongoDB Account
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
  3. Support GCP IAM for Cluster Authentication

    Achieve feature parity with AWS IAM cluster authentication support.

    7 votes
    Sign in Sign in with: your MongoDB Account
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
  4. Allow an "Any Database" option for actions in custom roles

    Much like built-in roles have the ability to target all databases/any database, it would be ideal if collection actions could also target any database. Similarly to how, when adding collection actions to a custom role, if you leave the "collection" field blank, it applies to all collections in the specified DB, it would be great if you could leave the "database" field blank too (or add an "any database" option) and have the actions associated with the role be allowed on any database.

    This feature gap creates unnecessary maintenance overhead for clusters with large numbers of databases. This is particularly…

    7 votes
    Sign in Sign in with: your MongoDB Account
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
  5. Expose the killOp() action when creating custom roles in Atlas UI

    It would be nice to have the killOp() action exposed when creating a custom role in Atlas.

    I also think it would make sense to grant this action to the atlasAdmin role, but at a minimum I feel that Project Owners should be able to create a custom role that is allowed to kill ops that were initiated by other database users.

    12 votes
    Sign in Sign in with: your MongoDB Account
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
  6. more information in AWS IAM audit logs

    We are using MongoDB-AWS for authentication, and have set up the audit log to log events taken by AWS roles. However, there is insufficient information in the logs to identify who is doing those actions, as roles can be assumed by multiple people.

    An example log line in the current audit log:
    { "atype" : "authenticate", "ts" : { "$date" : "2021-01-05T00:21:52.628+00:00" }, "local" : { "ip" : "192.168.248.203", "port" : 27017 }, "remote" : { "ip" : "172.31.0.5", "port" : 54195 }, "users" : [ { "user" : "arn:aws:sts::555555555555:assumed-role/developer-role/", "db" : "$external" } ], "roles" : [ {

    2 votes
    Sign in Sign in with: your MongoDB Account
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
  7. Projects Organization

    It would be great if we could organize the projects and not have them all at the same level of organization.
    We could use this hierarchy to put rights, consult costs ...
    A bit like the idea of Azure's management group or GCP's "Folder".

    17 votes
    Sign in Sign in with: your MongoDB Account
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
  8. Allow modifying federation role mappings via API

    We would like to use the new role mapping feature for federated authentication to assign Atlas roles based on LDAP groups assigned to our users.

    However, we frequently create new projects programmatically and would need to manage the permissions to these new projects using role mapping. However, there is no public API available to manage role mappings programmatically. In addition, enabling role mapping disables the ability to manage roles for federated users with the API. So, at present, role mappings and permissions can only be managed manually through the UI.

    We would like to request the ability to modify role…

    2 votes
    Sign in Sign in with: your MongoDB Account
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
  9. Atlas API Enhancements

    Since we want to automate the user (de)provisioning for organizations and projects, we would like to see the following API enhancements:

    Please enhance the Mongo Atlas API for the following functionalities:
    - invite (existing mongo) user to organization (currently not possible)
    - remove user from organization
    - get invitation status from user
    - cancel invitation for user

    Thank you

    2 votes
    Sign in Sign in with: your MongoDB Account
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
  10. Ability to invalidate or revoke a X.509 certificate that was not expired.

    Currently, X.509 certificates can be issued for authentication and authorization. However, it is not possible to invalidate an already issued certificate. In a situation where the certificate would be compromised, it is therefore not possible to invalidate it and re-issue a new one. The only way is to delete the user associated with the certificate and create a new user account (New CN).

    1 vote
    Sign in Sign in with: your MongoDB Account
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
  11. Teams API should show the projects the team is a member of

    Right now the API to retrieve information of a team ( either by ID or by Name ) only gives the name, the id and a link of the specific team.

    I would like to see to what projects a team has access with which permissions ( as you can see via the atlas console ).

    This would help a lot with automating access management

    1 vote
    Sign in Sign in with: your MongoDB Account
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
  12. Domain Validation should use subdomain rather than domain root

    When entering the txt value for validation atlas should use its own subdomain for the verification rather than requiring the domain root which is often populated with spf keys.

    Other examples of this implementation are

    Github: github-challenge-org.domain.com
    Mandrill: mandrill.
    domainkey.domain.com
    Google: google._domainkey.domain.com

    1 vote
    Sign in Sign in with: your MongoDB Account
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
  13. Support for User Groups with Separate Authentication Configurations

    Currently Atlas only uses a single (flat) user group which only allows for 1 type of authentication per Organization.

    However if Federated Authentication is enabled, the authentication mechanism in Atlas is bypassed for the IdP based on the domain name of the user and the configuration of Atlas Authentication.

    This causes a problem if there are multiple groups of users who all share a domain name, some of whom are registered in an IdP, and some of whom are not registered in an IdP (for example users in 2 divisions of the same company).

    In this scenario, users who are…

    7 votes
    Sign in Sign in with: your MongoDB Account
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
  14. Project Monitoring Admin -- Access

    Hi Team,

    We need to give access to a particular team so they can create, edit, clone, disable, and delete the alarm for the entire organization in Alert setting only.

    We should not give them access other than the Alert setting. Is there any way to give access for Alert setting only, kindly provide your suggestions at the earliest.

    Please provide us steps if there's any way to create custom access for alert settings alone.

    3 votes
    Sign in Sign in with: your MongoDB Account
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
  15. Filter users list by organization role

    The Users view in the Access Manager really needs a way to either sort or filter by role, so I can see a single screen with just the users who are Owners, for example.

    1 vote
    Sign in Sign in with: your MongoDB Account
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
  16. Improve 2FA and auth management

    Right now, there is no way to require Google auth or to require 2FA. The only way to enforce 2FA for a team is to check the team mangagement page. However, since some users may have only used Google auth to login, they will show up in this view as not having 2FA, creating auditing headaches. Please
    - indicate if a user does not have 2fa because they do not have a password vs just not having 2fa
    - ideally, add the ability to require 2fa and/or Google auth for all team members

    7 votes
    Sign in Sign in with: your MongoDB Account
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
  17. Ability to customize the name of the invite sender in emails when inviting users via API

    When inviting new Atlas Users to organizations via the API, the invite email says that the invite was sent by the API public key that performed the API call. This makes the invitation emails read like this:

    "You have been invited by tfqzvwrs to join the Example - Atlas organization on MongoDB Atlas."

    The ability to customize this (e.g. using an additional field in the request body) would be ideal since the random string being shown as the sender of the invite could make the email look suspect.

    1 vote
    Sign in Sign in with: your MongoDB Account
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
  18. Authentification on Azure (IAM)

    Hello,

    We absolutely need a more modern authentication method than using LDAPS to authenticate users against the MongoDB databases that we deploy with Atlas. When will we see a modern authentication service at this level? Ideally, we want cloud functionality equivalent to AWS IAM but on Azure.

    1 vote
    Sign in Sign in with: your MongoDB Account
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
  19. Allow Pending Users to be Added to a Team

    When trying to implement Atlas infrastructure for Organization/Project users, the Teams functionality is useless unless we can add pending users to a Team. Right now, if a new user doesn't login for two weeks, we can't assign them to a Team until two weeks after the implementation was supposed to be configured.

    9 votes
    Sign in Sign in with: your MongoDB Account
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
  20. My entire team receives the billing info every month.

    Billing should be limited to organization owners only and not viewable by the entire organization.

    1 vote
    Sign in Sign in with: your MongoDB Account
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  IAM  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1
  • Don't see your idea?

Feedback and Knowledge Base