Allow individual Atlas database user to connect from different specific IP address only
The feature request is to allow each individual Atlas database user to connect from a different specific IP address, instead of compulsorily having the whitelisted IP addresses apply to all database users.
I.e.
UserA can only connect from ipA
UserB can only connect from ipB
-
Mohamed Aslam commented
If we need to restrict a dbuser to connecting from one specific IP address only, how can we manage it in Atlas? This is a mandatory thing. As per the existing Atlas "Network Access", if we whitelist an IP address, every database user can access from this IP address. So if we create a new dbuser with new roles, it will not be useful.
Is there any workaround in Atlas for this? In a standalone MongoDB installation it is possible to do, but in Atlas it is not possible.
-
Anna commented
My customer also gave feedback that they hope to be able to specify a Database Access Account on Atlas and limit it to a specific IP range for connecting to Atlas.
In their case, everyone can access the database using their system accounts from the company. This could potentially lead to difficulties with permission misuse.
-
Flip commented
Hi @Andrew Davidson. Perhaps I can offer a scenario where this is useful:
I run the db on Atlas and the server on Heroku. I would like to use certificates to securely connect between my MongoDB and Heroku server. For this connection I want to enable all IP addresses (because limiting these is problematic and expensive). However, to still keep it secure, I ONLY intend to use these certificates on the Heroku server, not for any other access. For access from our office (for technical support), I want to use basic authentication by password but ONLY with our static IP address from the office. Now the problem: it's not possible to set IP addresses PER database access user.
-
Dan commented
This feature would be excellent for our company for Privileged Access Management.
E.g. application users are only able to access from our compute clusters, while operational users who need troubleshooting access from on-premises can only access from those IP ranges.
This would allow us to prevent users from abusing application credentials and vice versa.
-
Can you elaborate more on the use case and why this is important? What are you trying to do that requires this, or is it more of a hypothetical?