Allow "Project Data Access Read Only" to retrieve restore links.
Allow "Project Data Access Read Only" to retrieve restore links. Currently, to retrieve a restore link from an Atlas cluster you must be a Project Owner.
In the current version to take the link to the snapshot we need to use Restore Jobs part of the API. Problem is that the same POST endpoint is used for the restore job which can do changes in the system and needs Owner level of the access and to generate link to the stream with the snapshot data. This second type of the job should not need so big access level as should only need Project Data Access Read Only type of the access.
Nic
shared this idea
-
Stephen Paschall
commented
Upvote. Users and automated processes that need access to current snapshots on a regular basis should not need Project Owner rights just to download an archive.
This is a pain point both for my team and for the poor administrators we've got to harass on a regular basis to get our hands on snapshots for development and offline analysis.
-
Thank you for flagging this. In the interests of transparency, we are working on a large-scale effort to revamp how MongoDB Cloud role based access control works, in order to enable much more fine grained privileged actions to be defined on specific resources. This is a top priority but a significant undertake so the user-facing aspect of this change remains multiple quarters out. Please bear with us while we do this work to unlock this and many other use cases in future.
