Atlas
- A brief description of what you are looking to do
- How you think this will help
- Why this matters to you
70 results found
-
Allow Atlas User Data Access Permissions to be configured on a per-database/collection basis
Similarly to how database user data access permissions can be configured on a per-database or per-collection basis, it would be ideal if Atlas user data access permissions (as they apply to Data Explorer) could be configured on a more granular basis as well.
7 votes -
atlas portal ip whitelist
We were given this idea from a security audit.
From a security-in-depth perspective we would like to be able to restrict logins on the atlas portal to only whitelisted IP's, this would be analog as to how API whitelisting works at the organization level.
This is to prevent login's other than from our permitted sites.7 votes -
Ability to change First and Last Name
It would be good if users are able to modify their First and Last Name after account creation.
7 votes -
remove the captcha from login, especially if 2 factor auth is enabled.
I very much dislike being asking to train ML models by doing picture identification just to login to my account. Please find a less offensive captcha process, or remove it entirely when 2 factor auth is enabled.
6 votes -
Atlas User permissions/role by Cluster
It would be very helpful to restrict/allow access to clusters within an Atlas project, by Atlas user. This can be achieved with database users, but Atlas users have all or nothing access to the clusters within a project.
5 votes -
Reuse email address for new Atlas account
Please allow email addresses to be reused/reinstated for new Atlas accounts if an Atlas account associated with that email address has been deleted.
5 votes -
make empty teams possible
It is currently not possible to create empty teams of remove all users from teams.
We would like to arrange our access management through teams. For our production environment we want a 'read only' and an 'admin' team. The admin team should be empty at all times, except in the case of incidents where we want to add specific users to the admin team to be able to solve the incident.5 votes -
My entire team receives the billing info every month.
Billing should be limited to organization owners only and not viewable by the entire organization.
5 votes -
Project Monitoring Admin -- Access
Hi Team,
We need to give access to a particular team so they can create, edit, clone, disable, and delete the alarm for the entire organization in Alert setting only.
We should not give them access other than the Alert setting. Is there any way to give access for Alert setting only, kindly provide your suggestions at the earliest.
Please provide us steps if there's any way to create custom access for alert settings alone.
5 votes -
Change Username
Ability to change your username after registration and be able to re-use it should you need to.
5 votes -
More granular user privileges for Database User in same project
When having several clusters in the same project, it would be nice if we could configure different privileges to different clusters for the same user credentials.
Like in the following example
Name | Cluster1 | Cluster2 | Cluster3 | Cluster4
User1 | R/W | R | R | R/W
User2 | R | R/W | R | RCurrently it's not possible to specify different privileges on the cluster level.
4 votes -
Day granularity for Atlas-managed X.509 certificate
It would be great to add more granularity when creating an Atlas-managed X.509 certificate for a MongoDB user, i mean by day at least.
Thank you4 votes -
Option to Enforce Certain MFA Methods
Allow certain MFA methods to be disabled for our Organization.
e.g. we don't trust SMS or Email so want to force our users to only use Google Auth / Security Key/Biomeytric or Okta.3 votes -
Separate access control for read-only replicas
There is a multi-replica cluster and there are read replicas. I consider it necessary to add the ability to restrict access separately for a read-only replica. Thus, limit the connection not only to the entire cluster at the project level, but also to specific replicas (for example, limiting access to read replicas).
I think that this is a standard business problem, the solution of which is simply necessary to exist in a product like yours.3 votes -
Allow access from anywhere button to be a separate UI permission
"allow access from anywhere" button should be a separate privilege. This would allow the ability to add it to a role. The goal is to allow developers to log into the control plane, use the UI to add 1 single IP(theirs)...but not open up IPs to all(0.0.0.0/0).
3 votes -
RBAC for Atlas Search
Atlas Search Indexes can only be managed via MongoDB credentials (Terraform or API calls), with required role "Project Data Access Admin" (see https://docs.atlas.mongodb.com/reference/api/fts-indexes-create-one/#required-roles ). It would be great if we could create/delete search indexes using database credentials, similarly to regular indexes.
Because of that constraint, we need to provision dedicated apikey for our application ; in order to create the relevant search indexes. However, providing "Project Data Access Admin" is too much of a security risk - considering the power of such role.
Would it be possible to have dedicated "Atlas Search Admin" role which would allow creation / updating…
3 votes -
Improve password manager support on login screen
Currently on the Atlas login screen it presents a button to authenticate using Google and a text field to enter an email address. Upon entering an email address there's a brief pause - presumably to check if the email address is bound to a configured SAML provider - and if not then the password field appears.
Since the password field doesn't exist in the DOM until it's needed it means password managers have to autofill the email and password fields as two separate steps. I propose to have the password field present and hidden from the start so that password…
3 votes -
more information in AWS IAM audit logs
We are using MongoDB-AWS for authentication, and have set up the audit log to log events taken by AWS roles. However, there is insufficient information in the logs to identify who is doing those actions, as roles can be assumed by multiple people.
An example log line in the current audit log:
{ "atype" : "authenticate", "ts" : { "$date" : "2021-01-05T00:21:52.628+00:00" }, "local" : { "ip" : "192.168.248.203", "port" : 27017 }, "remote" : { "ip" : "172.31.0.5", "port" : 54195 }, "users" : [ { "user" : "arn:aws:sts::555555555555:assumed-role/developer-role/", "db" : "$external" } ], "roles" : [ {…3 votes -
Add privileges for Custom Roles which are currently only available in Built-in Roles
Currently the list of privileges assignable for Custom Roles is only a subset of privileges available to Built-in Roles This request is to add the missing privileges to both the REST API and Atlas UI which are available to Built-in Roles
The first set of privileges requested by a customer is from the Cluster Monitor role
Expanded prioritized privileges requested:
checkFreeMonitoringStatus
getCmdLineOpts
getLog
getParameter
getShardMap
hostInfo
inprog
listShards
netstat
replSetGetConfig
replSetGetStatus
setFreeMonitoring
shardingState3 votes -
Stitch - use the same function to resend confirmation as when initially signing up
When signing up with Email/Pwd, one of the options is to have the confirmation run through a function.
In that function, a call to an external email provider has been set up to use a template with a logo.However, the "token" & "tokenId" parameters provided in the link are only valid for 30'.
This makes it likely for people to be too late to confirm their email address.
When calling "resendConfirmationLink", an email with a new link will indeed be sent out, but this is the standard MongoDB email. This request is to have this "resend" use the same…
3 votes
- Don't see your idea?