Granular Permissions
Right now Mongo Atlas allows you to assign two types of roles to all the users: Organization and Project, and for each set it gives you some predefined roles.
The problem with this is you can't have any kind of granular control of what permission is assigned to each user. (e.g. to allow a user to create a trigger through Mongo Stitch it needs the Project Owner role).
This is a major setback as I'm giving my coworkers more access than needed.
A good solution would be to have something like the database access control in this part so we can create our own custom roles to assign to the users.
-
Ramón commented
+1
My organization is using MongoDB Atlas for some daily tasks. I’d love to set fine-grained permissions to, for example, edit specific collections.
-
David commented
I was told this issue is preventing us from using the API without creating a key that has __owner__ access. If that's true, then it... it seems outrageous?
I cannot open our system up to a ransomware attack because my team is trying to set up scripting for compliance and disaster recovery.
Is this truly under active development? It has been an open issue since 2020? Can additional resources be allocated and an estimate provided? Perhaps a smaller release could be cut to allow API keys with more granular permissions?
I obviously am not privy to your backlog, and I certainly understand the difficulty of prioritizing items like this instead of new features that would improve sales, but this seems pretty egregious if you would like your clients to pass compliance and have disaster recovery scripting.
Hopefully I am misunderstanding the situation and an alternative or workaround can be proposed. I would absolutely love to be wrong about this.
-
Milosz commented
Hi,
I also agree this is imperative (for I believe any large organisation) to manage permissions in Atlas. Can we get an ETA on this please?
The link provided by admin points to this specific feedback item.
Thank you.
-
Ramandeep commented
The request was opened in 2020. It shows that this item was started two years ago (2022). Seems like you have not started (or at least you did not back in 2022). Could you please provide us with an ETA?
-
Shaun commented
This would be very helpful for compliance to restrict access based on need to know
-
AdminFuat (Admin, MongoDB) commented
Hi Hyung,
Thank you for your feedback. This is a feature currently under active development. I recommend following it via the existing feedback item: https://feedback.mongodb.com/forums/924145-atlas/suggestions/39906208-granular-permissions
Thank you,
Fuat
-
Hyung commented
Atlas admin can assign specific permissions to a custom Atlas role which will be very useful to control users for the project/org level. This is the same concept of the custom role of database user.
-
Daniel Davis commented
Specifically - managing project access lists can add a lot to security but that's much less effective if I'm creating a Project Owner API key to do so.
-
Victor Milhem commented
Hi Mongo Team.
Could you please bring an update on progress for this feature?
Thanks in advance ;)
-
Masrukhan Zuliyanto commented
Hi Mongo Team,
I would really like this feature implemented immediately.
Because our organization consists of Developer, Data Team and Tech.
Now only Tech has full access; if we share it with Developer and Data Team it would cause issues, because we should not allow other teams to be able to read all the data inside the cluster.
-
Marco commented
I second this request, this should be a top priority fix.
It doesn't make sense when I restrict access from the DB while all users can just access everything from the Atlas UI (we do need this b/c Atlas Chart is a selling point to us); there should be some consistency of access control across frontend & backend.
-
Ash Hammond commented
I have just raised a support ticket with the following limitation as more granularity is required. You must grant the ORG_OWNER role to an API key if you need only READ access to the Federation Settings. The ORG_READ_ONLY role receives a 403. The permissions need to be more granular.
-
AdminFuat (Admin, MongoDB) commented
Hi Jaime, thank you for the feedback. We are actively working on this feature. I will close this feedback item as it is a duplicate but please follow it here https://feedback.mongodb.com/forums/924145-atlas/suggestions/39906208-granular-permissions to get updates.
-
Jaime commented
Create the ability to make custom Project Roles to allow for users to have some of the Project Owner permissions but not all. In our example, we want to limit who can modify the Network Access Allow List but still provide other Project Owner capabilities.
-
Roger commented
When defining Custom Roles it should be possible to use placeholders / patterns (regex ?!?) in the "Database" or "Collection" field. This would allow setting up more fine-grained rules and reduce the number of rules to be defined.
-
Ole Gunnar commented
I need to give employees in the operations team access to download backups while still limiting other access rights.
-
Amit commented
On Mongo Atlas we are looking to restrict user permissions in a specific cluster within a project.
-
Ola commented
I would like to vote for this request, since I hear from the field that customers would like to have more possibilities to allow/restrict access per particular user/group, also for CHARTS specifically.
-
Vladimir Durdevic commented
We are looking for this feature that will allow our teams to access the Atlas Query Profiler without also granting at least read-only access to the Data Explorer.
-
Simon commented
We have many teams with different databases they are managing on a cluster.
Right now, to create Search indexes, they have the permission at the project-level and thus can create/delete Search indexes in ALL databases; not just their own.