Allow an "Any Database" option for actions in custom roles
Much like built-in roles have the ability to target all databases/any database, it would be ideal if collection actions could also target any database. Similarly to how, when adding collection actions to a custom role, if you leave the "collection" field blank, it applies to all collections in the specified DB, it would be great if you could leave the "database" field blank too (or add an "any database" option) and have the actions associated with the role be allowed on any database.
This feature gap creates unnecessary maintenance overhead for clusters with large numbers of databases. This is particularly impactful if databases are added/removed/migrated frequently, creating the need for frequent manual maintenance or some kind of API-based automation to keep the role updated so that the actions can be performed on all databases that currently exist on the cluster.
-
Justin commented
This particular feature has become an issue for a customer of mine and is causing issues progressing a new workload. The customer strongly abides by the principle of least privilege, and the absence of this makes that impossible without tedious and error-prone additional coding.
-
Janpreet commented
This is a much-needed feature; it should have already been implemented. Why are we still listing DBs for inclusive access?
-
Dianna commented
Specifying collections across databases is crucial to our usage. As this has been supported on self-hosted clusters for a while, this functionality should also be added to Atlas! ++
-
Josh commented
This is super crucial to our ability to roll over and migrate data by being able to selectively turn off our write access during migrations. We can't turn off all write access, but for the collections we move around we need to turn off writes so we don't get conflicts.
This will also be crucial when we start splitting people out of a shared db and into their own database.
Example:
db: Customer1
coll: account
coll: stats
db: Customer2
coll: account
coll: stats
...
-
Cade commented
Specifying collections across databases is currently possible on a self-hosted MongoDB cluster (see https://www.mongodb.com/docs/manual/reference/resource-document/#specify-collections-across-databases-as-resource).
However, this is currently unavailable for Atlas. Can we please add this functionality to Atlas custom roles?
-
Michael Gerlach commented
Just to note once more, we are _desperately_ in need of this feature.
Please reconsider roadmap planning to get this addressed better sooner rather than later.
-
Michael Gerlach commented
I agree with this feature request.
As described by the requester, at the moment our approach to get this accomplished is the following:
- Get all clusters within an Atlas Project
- Get all databases available on these clusters
- render N2N CustomDBRole with list of databases and list of collections
-
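The render step of the workaround described in the comment above, as an added example that is not part of the thread or of any commenter's code. It expands one set of collection grants across every database and reports drift against the live database list. The payload shape (`roleName`, `actions`, `resources` with `db` and `collection`) is assumed to match the Atlas custom role body; the role name, action names and database list are constructed.

```python
# Added example (not from the thread): expand collection grants across all
# databases, since the custom role cannot name "any database" itself.
SYSTEM_DBS = {"admin", "local", "config"}  # never granted by this role

# Constructed sample grants, using the collection names from Josh's example.
GRANTS = {"account": ["FIND", "UPDATE"], "stats": ["FIND"]}


def render_role(role_name, databases, grants):
    """Build one resource per (database, collection) pair for each action."""
    dbs = sorted(set(databases) - SYSTEM_DBS)
    by_action = {}
    for coll, actions in grants.items():
        for action in actions:
            by_action.setdefault(action, []).extend(
                {"db": db, "collection": coll} for db in dbs
            )
    return {
        "roleName": role_name,
        "actions": [
            {"action": a, "resources": r} for a, r in sorted(by_action.items())
        ],
    }


def granted_dbs(role):
    """Databases the rendered role currently names."""
    return {res["db"] for act in role["actions"] for res in act["resources"]}


def drift(role, live_databases):
    """Compare the role with the databases that exist right now.

    'missing' databases lack the grant; 'stale' entries name a database that
    is gone and would apply again if that name were ever reused.
    """
    live = set(live_databases) - SYSTEM_DBS
    have = granted_dbs(role)
    return {"missing": sorted(live - have), "stale": sorted(have - live)}


if __name__ == "__main__":
    role = render_role("appReadWrite", ["Customer1", "Customer2", "admin"], GRANTS)
    print(role)
    print(drift(role, ["Customer1", "Customer3", "local"]))
```

Running `drift` on a schedule and re-rendering only when it reports a difference keeps the role from accumulating grants for databases that no longer exist.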
Nagendra Tripurana commented
I agree with this feature request.
-
Andrea commented
I agree with this feature request.
-
Paul commented
Agreed. It is very tedious and error prone to have to create individual custom roles for every database.
I'd add that when assigning the custom role to a user then at that point it can be applied against specific databases. This is how the built-in roles currently work and would continue to allow a user to be tied to a single DB, but the extra control of their access rights given by custom roles. All without having to create a separate custom role for each user/db combo.
-
Shane commented
Seconding what Victor said here. This feature would help us greatly.
-
Victor commented
This is a very much needed feature. Having to maintain a hardcoded list of databases is not scalable.
-
AMARA FLASHER commented
ok