Skip to content

How can we improve the platform?

Granular permissions via roles / hashicorp vault

We are using the Hashicorp Vault Atlas plugin in order to generate credentials for Atlas.
We are able to generate roles on the Atlas end and then use those roles to provision vault users.
However, I don't see a way to restrict those roles to just certain resources/clusters.
So the user can access all the deployments in a project.
It should be possible to restrict roles to certain resources only.

1 vote

Himanshu shared this idea · May 2, 2022 · Report… · Admin →

completed ·

AdminMelissa (Lead Product Manager, MongoDB) responded · May 3, 2022

Hi,

This has already been added some time ago. You need to specify the scopes you want to include, here's the code - https://github.com/hashicorp/vault-plugin-database-mongodbatlas/blob/master/mongodbatlas.go#L206. It should be an array like roles, but with the resource name and then if it's a cluster or data lake (see scopes here: https://www.mongodb.com/docs/atlas/reference/api/database-users-create-a-user/). I hope that helps!

Best,

Melissa

An error occurred while saving the comment

Signed in as (Sign out)

Signed in as (Sign out)

Close

Close

Atlas: Terraform Provider

Searching…

No results.
Clear search results

Give feedback
- Atlas 1,372 ideas
- Atlas App Services 240 ideas
- Atlas CLI 27 ideas
- Atlas Search 159 ideas
- Atlas Stream Processing 5 ideas
- Charts 253 ideas
- Compass 460 ideas
- Connectors (BI, Kafka, Spark) 42 ideas
- Data Federation and Data Lake 58 ideas
- Database 307 ideas
- Database Tools 1 idea
- Documentation 12 ideas
- Drivers 80 ideas
- Education 40 ideas
- FLE and Queryable Encryption 3 ideas
- MongoDB Analyzer (for .NET) 2 ideas
- MongoDB for VS Code 79 ideas
- MongoDB Shell 38 ideas
- Ops Tools 469 ideas
- Realm 96 ideas
- Relational Migrator 3 ideas
- Support Website 18 ideas
- UI 118 ideas
- Vector Search 8 ideas